Staff Product Security Analyst

Job description

3048271
City

Bangalore
Career Level

Experienced
Relocation Assistance

No
Business

GE Oil & Gas
Business Segment

Oil & Gas Digital
Function

Digital Technology
Country/Territory

India
Postal Code

560066
Role Summary/Purpose

Staff Product Security Analyst will work with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, Infrastructure/Platform team, and the Product Owners to help lead the technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions. They will be a developer security evangelist they will provide thought leadership & help guide developers in secure coding practices
Essential Responsibilities

Highly skilled security Engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications. Drive tailored SDL practice into specific engineering and consult architect on security requirements and utilize best practices to meet them. Engage in application and domain-specific threat modeling and attack surface analysis/reduction. Working with all scrum teams for security-focused design. Identifying and ensuring resolution of possible technical implications of each release. Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development. Help prepare reports at appropriate levels of confidentiality for stakeholders to view. Responding to customer-facing departments about Predix security posture. Responding promptly and in detail to customer-sponsored penetration tests. Promotes standards through workshops, knowledge shares, and code walk-throughs. Promotes best practices and design patterns. Provides guidance on automated testing tools and techniques. Securely on-board external developer applications and third party services as part of overall Predix ecosystem
Qualifications/Requirements

• Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience
• A minimum of 4 years of experience in security development life cycle
• At least 4 years of experience involvement with development team(s) that delivered software based service
At least 2-4 years of experience in Cloud Security Design and Implementation
Desired Characteristics

• Manage all aspects of Cloud Security Operations for AWS/Azure/GCP.
• Drive tailored SDL practice into specific engineering
• Create and track meaningful metrics around product cyber risk and compensating controls
• Consult, architect on security requirements and utilize best practices to meet them.
• Design, implement and Manage Cloud Security Controls, i.e. Network Security, Parameter Security, Privileged Access Management, multi factor authentication, Identity and Access Management, etc.
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction
• Working with all scrum teams for security-focused design
• Identifying and ensuring resolution of possible technical implications of each release
• Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
• Help prepare reports at appropriate levels of confidentiality for stakeholders to view
• Responding promptly and in detail to customer-sponsored penetration tests
• Promotes standards through workshops, knowledge shares, and code walk-throughs
• Promotes best practices and design patterns
• Provides guidance on automated testing tools and techniques
#DTR
About Us

GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.