FirstBank Jobs

Home View All Jobs (2,191,534)

Job Information

GE Healthcare Sr. Software Engineer in Bengaluru, India

Job Description Summary

Job Posting Title

Privacy & Security Representative

Job Description Summary

As part of the Imaging System Software platform team at GE HealthCare, PSR-Privacy & Security Representative is the cybersecurity focal point for secure product development and maintenance of released product. The PSR is an experienced member of the product engineering team with influence to drive product privacy and cybersecurity features and enhancements. The PSR must have deep product knowledge to ensure the clinical functionality, expected operating environment, and interoperability to accurately determine a product’s privacy and security risks.

Job Description

Roles and Responsibilities

In this role, you will:

• Provide privacy and security technical expertise in support of the product team throughout product development, design change, and life-cycle management.

• Work with the Product Security Leader (PSL) to support the product team with process expertise for the GEHC-GE Healthcare Product Cybersecurity Standard and life-cycle management.

• Product cybersecurity development responsibilities:

o Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.

o Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.

o Assess product components and SBoM integrated into the product.

o Perform defect management for cybersecurity issues.

o Identify operational responsibilities and adherence to cloud standards for cloud- based products.

o Responsible for Product and Security Manual and MDS2 documentation.

• In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which includes:

o Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.

o Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modelling, attack surface analysis, risk management and reduction.

o Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.

o Lead product Security Technical Design Reviews

o Along with the product LSD-Lead System Designer, responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.

• Stay current on healthcare privacy trends and regulatory environment (i.e. FDA, HIPAA, GDPR, etc…) to effectively communicate privacy awareness with the product team.

• Works with the GEHC Product Security team and QARA-Quality Assurance & Regulatory Assurance on released product lifecycle, including:

o Participate in post-market product vulnerability monitoring.

o Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.

o Responsible for product vulnerability mitigation and design change.

o Responsible for GEHC vulnerability tool update to ensure accurate customer communication.

• Address customer and Sales RFP privacy and security feedback/questions.

• Provide technical expertise on customer concerns, complaints, and CSO escalations.

• Create/Maintain responsible product records within GEHC product cybersecurity tools.

Education Qualification:

• Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Maths)

Required Characteristics:

• 10+ years of professional experience in software development.

• Sound understanding of security technologies/techniques like Cryptography, Algorithms, Public key Infrastructure (PKI) Certificate Authority (CA), Hardware/embedded authentication, OAuth, 2-factor authentication, white-box code analysis.

• Information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)

• Experience with Security Development Lifecycle processes such as Threat Modelling.

• Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modelling Tool, etc.

• Experience with OWASP, CVSS, FIPS 140-2 and 140-3, and DoD RMF.

• Knowledge of C++, Linux, JAVA

Good To Have Skills:

• Certification in cybersecurity.

• Experience in Agile development practices: Test Driven Development (TDD), Behaviour Driven Development (BDD) and Scrum.

• Experience in Micro Services using RESTful frameworks.

• Experience in Healthcare domain.

Job Description

Job Posting Title

Privacy & Security Representative

Job Description Summary

As part of the Imaging System Software platform team at GE HealthCare, PSR-Privacy & Security Representative is the cybersecurity focal point for secure product development and maintenance of released product. The PSR is an experienced member of the product engineering team with influence to drive product privacy and cybersecurity features and enhancements. The PSR must have deep product knowledge to ensure the clinical functionality, expected operating environment, and interoperability to accurately determine a product’s privacy and security risks.

Job Description

Roles and Responsibilities

In this role, you will:

  • Provide privacy and security technical expertise in support of the product team throughout product development, design change, and life-cycle management.

  • Work with the Product Security Leader (PSL) to support the product team with process expertise for the GEHC-GE Healthcare Product Cybersecurity Standard and life-cycle management.

  • Product cybersecurity development responsibilities:

  • Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.

  • Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.

  • Assess product components and SBoM integrated into the product.

  • Perform defect management for cybersecurity issues.

  • Identify operational responsibilities and adherence to cloud standards for cloud- based products.

  • Responsible for Product and Security Manual and MDS2 documentation.

  • In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which includes:

  • Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.

  • Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modelling, attack surface analysis, risk management and reduction.

  • Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.

  • Lead product Security Technical Design Reviews

  • Along with the product LSD-Lead System Designer, responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.

  • Stay current on healthcare privacy trends and regulatory environment (i.e. FDA, HIPAA, GDPR, etc…) to effectively communicate privacy awareness with the product team.

  • Works with the GEHC Product Security team and QARA-Quality Assurance & Regulatory Assurance on released product lifecycle, including:

  • Participate in post-market product vulnerability monitoring.

  • Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.

  • Responsible for product vulnerability mitigation and design change.

  • Responsible for GEHC vulnerability tool update to ensure accurate customer communication.

  • Address customer and Sales RFP privacy and security feedback/questions.

  • Provide technical expertise on customer concerns, complaints, and CSO escalations.

  • Create/Maintain responsible product records within GEHC product cybersecurity tools.

Education Qualification:

  • Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Maths)

Required Characteristics:

  • 10+ years of professional experience in software development.

  • Sound understanding of security technologies/techniques like Cryptography, Algorithms, Public key Infrastructure (PKI) Certificate Authority (CA), Hardware/embedded authentication, OAuth, 2-factor authentication, white-box code analysis.

  • Information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)

  • Experience with Security Development Lifecycle processes such as Threat Modelling.

  • Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modelling Tool, etc.

  • Experience with OWASP, CVSS, FIPS 140-2 and 140-3, and DoD RMF.

  • Knowledge of C++, Linux, JAVA, Windows

Good To Have Skills:

  • Certification in cybersecurity.

  • Experience in Agile development practices: Test Driven Development (TDD), Behaviour Driven Development (BDD) and Scrum.

  • Experience in Micro Services using RESTful frameworks.

  • Experience in Healthcare domain.

Additional Information

Relocation Assistance Provided: Yes

DirectEmployers