Staff Product Security Analyst
Bengaluru (Bangalore Urban) Infra / Networks / Telecom
Job description
3048271
City: Bangalore
Career Level: Experienced
Relocation Assistance: No
Business: GE Oil & Gas
Business Segment: Oil & Gas Digital
Function: Digital Technology
Country/Territory: India
Postal Code: 560066
Role Summary/Purpose
The Staff Product Security Analyst will work with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, the Infrastructure/Platform team, and the Product Owners to help lead the technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions. They will be a developer security evangelist, providing thought leadership and helping guide developers in secure coding practices.
Essential Responsibilities
Highly skilled security engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications.
• Drive tailored SDL practice into specific engineering
• Consult and architect on security requirements and utilize best practices to meet them
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction
• Work with all scrum teams for security-focused design
• Identify and ensure resolution of possible technical implications of each release
• Maintain a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
• Help prepare reports at appropriate levels of confidentiality for stakeholders to view
• Respond to customer-facing departments about Predix security posture
• Respond promptly and in detail to customer-sponsored penetration tests
• Promote standards through workshops, knowledge shares, and code walk-throughs
• Promote best practices and design patterns
• Provide guidance on automated testing tools and techniques
• Securely on-board external developer applications and third-party services as part of the overall Predix ecosystem
Qualifications/Requirements
• Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience
• A minimum of 4 years of experience in security development life cycle
• At least 4 years of experience working with development team(s) that delivered a software-based service
• At least 2-4 years of experience in Cloud Security Design and Implementation
Desired Characteristics
• Manage all aspects of Cloud Security Operations for AWS/Azure/GCP.
• Drive tailored SDL practice into specific engineering
• Create and track meaningful metrics around product cyber risk and compensating controls
• Consult and architect on security requirements and utilize best practices to meet them.
• Design, implement and manage Cloud Security Controls, i.e. Network Security, Perimeter Security, Privileged Access Management, multi-factor authentication, Identity and Access Management, etc.
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction
• Working with all scrum teams for security-focused design
• Identifying and ensuring resolution of possible technical implications of each release
• Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
• Help prepare reports at appropriate levels of confidentiality for stakeholders to view
• Responding promptly and in detail to customer-sponsored penetration tests
• Promotes standards through workshops, knowledge shares, and code walk-throughs
• Promotes best practices and design patterns
• Provides guidance on automated testing tools and techniques
About Us
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.