GE Careers
Apply Now    

Staff Application Security Researcher

  • GE Transportation
  • Experienced
  • Posted 7/26/2017 4:59:39 PM
  • 2823884
  • Job Function: Digital Technology
  • Business Segment: GET Transportation
Location(s): United States; Illinois; Chicago


About Us:
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Role Summary:

We are looking for a skilled Application Security
professional to apply their expertise to GE’s cutting edge Predix and
cloud-based industrial internet platforms. The successful candidate in this
role will use their technical insight and development skills to analyze,
secure, and protect applications that run some of the world’s biggest freight
networks, make locomotives more efficient, and optimize cargo handling at the
busiest port in North America.



Essential Responsibilities:

As a member of GE Transportation’s (GET) Product Cyber Team,
you will
collaborate with development and engineering groups in
Chicago and around the world to drive threat modeling exercises, lead
security-focused architecture and code reviews, oversee application security
tests, and validate security improvements to
ensure GE Transportation
products lead the market in security.



This role reports to the Director, Cyber Security for GE
Transportation.



  • Coach product development teams on secure design principles,
    development practices, and application hardening.
  • Audit and exploit applications and systems under
    development
    to expose vulnerabilities, and demonstrate possible fixes. Analyze and validate
    completed security improvements and CVE patches.
  • Drive secure cloud deployment techniques.
  • Lead and perform GET security evaluations, vulnerability
    audits,
    and code reviews.
  • Engage in product-specific threat modeling, and attack
    surface analysis. Work with product owners and engineering leadership to ensure
    products designs are secure and defensible.
  • Conduct proactive research on emerging exploitation
    techniques and hunt for threats to GET products.













Qualifications/Requirements:

Basic Qualifications:



  • Bachelor's Degree in Information Systems (IS), Information
    Technology
    (IT), Computer Science, or Engineering OR a minimum 5 years of relevant work
    experience.
  • Minimum of 4 years of experience in application development.





Eligibility Requirements:



  • Legal authorization to work in the U.S. is required. GE may
    sponsor
    individuals for employment visas, now or in the future, for this job opening.
  • Must be available on-call for potential assistance to
    incident response efforts or security events.
  • Must be available for travel as necessary. Travel
    anticipated to average no more than 10%.







Desired Characteristics:

  • Proficiency in at least one programming language (Java,
    Node.JS, Python, or C/C++)
  • Experience conducting static code reviews and applying
    security auditing and/or penetration testing principles and tools.





Technical Expertise



  • Working knowledge of
    OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating
    controls.
  • Knowledge of Federated security architecture, flows, and
    standards (SAML, OpenID_Connect, and JSON_Web-Token (JWT)).
  • Experience securing applications within cloud platforms such
    as
    AWS, Azure, CloudFoundry, etc.
  • Strong knowledge of CI/CD and automation tools (Chef, Git,
    Jenkins, etc).
  • Knowledge of secure architecture and design principles
  • Experience with application and protocol fuzzing.
  • Knowledge of Risk Controls frameworks and procedures
    (NIST
    800-53, DFARS, etc.).
  • Knowledge of API security architecture common authentication
    technologies (OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML)
    preferred.

















Personal Attributes



  • Ability to work independently in a fast paced, dynamic
    environment with
    shifting priorities.
  • Passionate about finding novel solutions to tough
    information security problems.
  • Strong team player. Comfortable partnering with stakeholders

    and
    using influence to accomplish goals.







#DTR



Locations: United States; Illinois; Chicago

GE offers a great work environment, professional development, challenging careers, and competitive compensation.  GE is an Equal Opportunity Employer.  Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Apply Now    

GE Careers Technical Assistance

Having technical issues with ge.com/careers or your application? We're here to help.

Get In Touch

Connect With Us

Stay up to date on GE and possible opportunities that open in areas that interest you.

Sign Up