The Sr Staff Cyber Security Researcher is responsible for delivering controlled threat simulation services against company assets. Cyber Security Research includes threat research, structured attack development, vulnerability research and exploit development/testing, scripting, controlled exploitation of configuration weaknesses and software vulnerabilities, evasion of detection mechanisms and more.
· Leading and executing engagements; defining scope, coordinating attacks, executing tests and reporting findings, following an established methodology in accordance with defined processes
· Conduct adversary simulation to determine if flaws and exposures can be exploited by unfriendly forces
· Research, develop, implement, test and document tools, techniques and tactics used by adversaries to compromise and maintain control of information assets
· Actively mentor and develop Cyber Security Researchers
· Coordinate with other teams in IT Risk in development of threat agent profiles
· Participate in cross-team Task Forces to drive impact of Cyber Security Research findings as appropriate
· Identify and execute projects to drive simplicity and impact of Cyber Security Research efforts
· Maintain relationships with key partners from a technical operations perspective
· Bachelor's Degree in Computer Science or a related technical degree (OR Minimum of 4 years of professional IT experience)
· Minimum 3 years of experience in executing penetration tests
· Minimum 2 years of experience in scripting
· Minimum 2 years of deep, hands-on, technical security experience with at least one of: Wired Network technologies (CISCO routers / switches, Checkpoint), Wireless (WLAN, WIMAX, RFID), Enterprise Storage Systems, UNIX / Linux, Windows / AD, iSeries / zSeries, ORACLE, Web applications and Services, Cryptography, Social Engineering and Open Source Intelligence Gathering (OSINT), Mobile platforms, Software Security (Source Code Auditing and Binary Reversing)
· Minimum 1 year of experience developing exploit code or novel attacks
· Must be willing to work out of Glen Allen, VA; Van Buren Twp, MI or Poland
· Legal authorization to work in the US is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills.
· Experience leading penetration testing engagements
· Experience with the command line in Windows and/or Linux
· Ability to rapidly find, assimilate and synthesize information in pursuit of attacks
· Extreme resourcefulness with willingness to learn and teach how to characterize adversary tools and techniques, assess and test Company resources, and improve Company defenses
· Demonstrated ability to compromise complex IT systems/applications in enterprise environments
· Experience leading threat simulation or penetration testing engagements in an enterprise environment
· Proven vulnerability analysis skills
· Excellent communication skills including both verbal and written
· Hardware / electronics experience
· Strong track record of understanding and interest in current and emerging technologies demonstrated through training, job experience and/or industry activities
· Strong team player - collaborates well with others to solve problems and actively incorporates input from various sources
· Demonstrated customer focus - evaluates decisions through the eyes of the customer and can build strong customer relationships
· Change oriented - actively generates process improvements; supports and drives change, and confronts difficult circumstances in creative ways
· Ability to read / write foreign languages
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is anEqual Opportunity Employer . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Additional Eligibility Qualifications
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen.