GE Oil & Gas
Oil & Gas Digital
We are looking for an Sr Product Security Analyst, with a focus in vulnerability management and incident response capability. In this role you will work in a team to identify, risk rate, communicate and track product vulnerabilities and be a part of the product incident response team.
You are a skilled Analyst who enjoys security work and is an expert in systems security, product / OT security and application security. In this role, you will be working with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.
In this role you will:
· Be able to scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment
· Engage in incident response methods lead incident response processes related to product cyber
· Create and track meaningful metrics around product cyber risk and compensating controls
· Create vulnerability and incident trend analysis to improve product design
· Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components
· Engage and administer End Of Life processes for digital products
· Consult, architect on security requirements and utilize best practices to meet them
· Engage in application and domain-specific threat modeling and attack surface analysis/reduction
· Help prepare reports at appropriate levels of confidentiality for stakeholders to view
· Responding promptly and in detail to customer-sponsored penetration tests
· Provides guidance on automated testing tools and techniques
· Bachelor’s degree in STEM, a similar technical field of study or equivalent practical experience
· Minimum of 3 years IT experience, preferably within Identity Management
· Minimum of 1 years IT experience with Identity Management solutions
· Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job
· Must be willing to travel minimally
· Must be willing to work out of an office located in New Orleans, LA.
· Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
· Program and Project Management experience; expertise with Agile development teams
· Experience with secure coding principles; code signing; secure boot
· Experience with penetration testing and ethical hacking
· Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
· Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
· Experienced in developing web services (SOAP/REST)
· Must be available for on call for potential security response
· Knowledge of application risk identification and evaluation techniques
· Knowledge of Cyber Security and full knowledge of multiple related engineering functions
· Experience securing applications within cloud platforms such as AWS, Azure and alike.
· Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is anEqual Opportunity Employer . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Additional Eligibility Qualifications
GE will only employ those who are legally authorized to work in the United States for this opening.