About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry. GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
We are looking for a skilled Application Security professional to apply their expertise to GE’s cutting-edge Predix and cloud-based industrial internet platforms. The successful candidate in this role will use their technical insight and development skills to analyze, secure, and protect applications that run some of the world’s biggest freight networks, make locomotives more efficient, and optimize cargo handling at the busiest port in North America.
As a member of GE Transportation’s (GET) Product Cyber Team, you will collaborate with development and engineering groups in Chicago and around the world to drive threat modeling exercises, lead security-focused architecture and code reviews, oversee application security tests, and validate security improvements to ensure GE Transportation products lead the market in security.
This role reports to the Director, Cyber Security for GE Transportation.
Coach product development teams on secure design principles, development practices, and application hardening.
Audit and exploit applications and systems under development to expose vulnerabilities, and demonstrate possible fixes. Analyze and validate completed security improvements and CVE patches.
Drive secure cloud deployment techniques.
Lead and perform GET security evaluations, vulnerability audits, and code reviews.
Engage in product-specific threat modeling and attack surface analysis. Work with product owners and engineering leadership to ensure product designs are secure and defensible.
Conduct proactive research on emerging exploitation techniques and hunt for threats to GET products.
Bachelor's Degree in Information Systems (IS), Information Technology (IT), Computer Science, or Engineering OR a minimum of 5 years of relevant work experience.
Minimum of 4 years of experience in application development.
Legal authorization to work in the U.S. is required. GE may sponsor individuals for employment visas, now or in the future, for this job opening.
Must be available on-call for potential assistance to incident response efforts or security events.
Must be available for travel as necessary. Travel anticipated to average no more than 10%.
Proficiency in at least one programming language (Java, Node.js, Python, or C/C++).
Experience conducting static code reviews and applying security auditing and/or penetration testing principles and tools.
Working knowledge of OWASP Web/API vulnerabilities (CSRF, XSS, SQLi, etc.) and compensating controls.
Knowledge of federated security architecture, flows, and standards (SAML, OpenID Connect, and JSON Web Token (JWT)).
Experience securing applications within cloud platforms such as AWS, Azure, CloudFoundry, etc.
Strong knowledge of CI/CD and automation tools (Chef, Git, Jenkins, etc.).
Knowledge of secure architecture and design principles.
Experience with application and protocol fuzzing.
Knowledge of Risk Controls frameworks and procedures (NIST 800-53, DFARS, etc.).
Knowledge of API security architecture and common authentication technologies (OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML) preferred.
Ability to work independently in a fast-paced, dynamic environment with shifting priorities.
Passionate about finding novel solutions to tough information security problems.
Strong team player. Comfortable partnering with stakeholders and using influence to accomplish goals.