Staff Product Security Representative - Bengaluru, Karnataka, India - GE HEALTHCARE

GE HEALTHCARE

Verified Company

Bengaluru, Karnataka, India

2 weeks ago

Posted by:

Deepika Kaur

beBee Recuiter

Description

Job Description Summary:
Responsible for hunting, detecting and responding to digital security threats. Demonstrates technical leadership abilities and strong comprehension of malware, emerging threats and calculating risk.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits.

Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Summary

The Product Security Engineer is a product team's cybersecurity focal point for secure product development and maintenance of released product.

The Product Security Engineer is an experienced member of the product engineering team with influence to drive product privacy and cybersecurity features and enhancements.

The Product Security Engineer must have deep product knowledge to ensure the clinical functionality, expected operating environment, and interoperability to accurately determine a product's privacy and security risks.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits.

Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Essential Responsibilities:

GE Healthcare have devised a Design Engineering Privacy and Security Procedure to ensure compliance to the special cybersecurity needs of the Healthcare industry across the continuum of the Secure Development Life Cycle.

Roles and Responsibilities:

Provide privacy and security technical expertise in support of the product

team throughout product development, design change, and life-cycle

management.

Work with the Product Security Leader (PSL) to support the product team

with process expertise for the GE HealthCare-GEHC Product Cybersecurity

Standard and life-cycle management.

Product cybersecurity development responsibilities:

Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.
Responsible for security architecture and coordination of product development for cybersecurity features and enhancements
Assess product components and SBoM integrated into the product
Perform defect management for cybersecurity issues
Identify operational responsibilities and adherence to cloud standards for cloud

- based products.

Responsible for Product and Security Manual and MDS2 documentation.
In coordination with the PSL, own and deliver GEHC Product Cybersecurity

Standard artifacts, which includes:

Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs
Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domainspecific product threat modeling, attack surface analysis, risk management and reduction
Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments
Lead product Security Technical Design Reviews
Along with the product LSD, responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.
Stay current on healthcare privacy trends and regulatory environment (i.e.

FDA, HIPAA, GDPR, etc ) to effectively communicate privacy awareness with

the product team.

Works with the GEHC Product Security team and QARA on

released product life-cycle, including:

Participate in postmarket product vulnerability monitoring
Participate as an Subject Matter Expertise to determine product vulnerability impact, investigation, and risk assessment.
Responsible for product vulnerability mitigation and design change.
Responsible for GEHC vulnerability tool update to ensure accurate customer communication.
Address customer and Sales RFP privacy and security feedback/questions Provide technical expertise on customer concerns, complaints, and CSO escalations.
Create/Maintain responsible product records within GEHC product cyberse

curity tools.

Active involvement in DoD RMF submission process and maintenance.

Educational Qualifications:

Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
3+ years of progressive experience as a development/cybersecurity engineer or scientist/researcher working with a cybersecurity skill set.

Desired Characteristics: