GE Careers
Apply Now    

Staff Product Security Analyst

  • GE Transportation
  • Experienced
  • Posted 1/23/2017 11:16:46 AM
  • 2801943
  • Job Function: Digital Technology
  • Business Segment: GET Transportation
Location(s): United States ; Illinois; Chicago


About Us:
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Role Summary:
We are seeking a Product Security Researcher to help identify cyber security issues in some of GE’s premier industrial systems. The successful candidate will identify and advocate for the value of new security enhancements, and hunt for emerging threats to GE Transportation products.

Essential Responsibilities:
Successful candidates will be passionate and excited about using their knowledge and skills to drive meaningful, real-world security improvements, and will provide cyber security assessments and recommendations to a diverse team of software engineers, quality engineers, user interaction design engineers, and product owners.


This role will report to the Director, Cyber Security for GE Transportation.



As a skilled security researcher with hands-on knowledge of real-world attack techniques, you will be reviewing software and embedded system designs and deployments from an offensive security perspective and hunting for vulnerabilities that could appear under unforeseen threat scenarios. You will work closely with product development and engineering teams to integrate your findings, validate changes have effectively mitigated identified vulnerabilities, and advocate for secure coding and design principles.
Responsibilities include:

  • Testing the security of industrial control systems and embedded devices using both standard and novel principles and tools
  • Identifying known vulnerabilities in devices, and developing tests and tools to find new ones. Researching and developing new methods to identify vulnerabilities in embedded devices
  • Hunting for emerging threats to GE products, and developing tools and techniques to detect and assess such threats
  • Tracking developments in the cyber security and industrial control communities, especially related to vulnerability disclosures and hardware subversion techniques
  • Driving the adoption and use of secure software development lifecycle practices in engineering and product development
  • Consulting with GE Digital product security architects on security requirements. Implementing best practices within GE Transportation
  • Engaging in Transportation sector-specific threat modeling and attack surface analysis
  • Helping prepare reports at appropriate levels of confidentiality for stakeholders
  • Responding promptly and effectively to customers
  • Promoting effective security standards through training, workshops, knowledge sharing, and code walk-throughs
  • Contributing to and leading communications within the team, with other business units, and with customers

    Qualifications/Requirements:
    Basic Qualifications
  • Bachelor's Degree in Computer Science or in a relevant STEM major (Science, Technology, Engineering, or Math), OR a minimum 5 years of relevant work experience

    Essential Requirements

  • A working understanding of Unix-based embedded systems
  • A solid low-level understanding of computer architecture and design
  • A solid understanding of common networking protocols, and techniques to exploit insecure protocols
  • Experience with identifying software security vulnerabilities using reverse engineering techniques as well as static code reviews
  • Experience with security auditing and penetration testing principles and tools, particularly black box auditing
  • A solid understanding of the tradecraft and operating principles of sophisticated threat actors

    Desired Characteristics:

    Critical

  • Object Oriented Design and principles and ability to write high quality code
  • Strong knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
  • Identity management and identity federation (SAML, Oauth, SCIM, XACML)
  • An understanding of common cryptographic principles and concepts (TLS, symmetric/asymmetric cryptography, certificates)
  • Must be available for on call for potential security response
  • Experience securing applications within cloud platforms such as AWS, Azure and alike.
  • Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
  • Experience with auditing, risk assessments, and compliance processes
  • Experience with Security Development Lifecycle processes such as Threat Modeling

    Desired

  • Clear and confident communicator with strong interpersonal and leadership skills
  • Superior analytical, problem solving, organizational, and planning skills
  • Resourceful and quick learner; able to efficiently seek out, learn, and apply new areas of expertise as needed
  • Strong team player, comfortable partnering with stakeholders and influencing in a matrixed environment
  • Highly self-motivated and able to motivate their team; able to work and lead independently
  • Knowledge of application risk identification and evaluation techniques
  • Experience securing applications within cloud platforms such as AWS, Azure, etc.
  • Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
  • #DTR



    Locations: United States ; Illinois; Chicago

    GE offers a great work environment, professional development, challenging careers, and competitive compensation.  GE is an Equal Opportunity Employer.  Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
    Apply Now    

    GE Careers Technical Assistance

    Having technical issues with ge.com/careers or your application? We're here to help.

    Get In Touch

    Connect With Us

    Stay up to date on GE and possible opportunities that open in areas that interest you.

    Sign Up