Location(s): United States ; Michigan, New York, Ohio, Georgia; Atlanta, Van Buren Township, Schenectady, Cincinnati
About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry. GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Role Summary: The Application Security Development Leader will lead the development teams in Power by providing strategic and organizational leadership. In this role, you will have the opportunity to build the SecDevOps model for Power which includes implementing new processes and solutions to reduce security vulnerabilities in the development lifecycle. The successful candidate will have the ability to articulate, design, and implement scalable security solutions in a distributed and matrixed environment.
Essential Responsibilities: As the Application Security Development Leader, you will:
Communicate with technical application security concepts to developers, architects, and managers and create a trusted technical advisor” relationship with technologists and technical teams
Work with enterprise architects and developers to design optimal security practices when developing new application functionality and develop solutions to ensure the use of secure coding practices are embedded and automated in the development life cycle
Build security solutions into an application that strengthen the protection and detection of vulnerabilities. Develop a proactive secure development approach with adaptive security architectures. Experience with RASP and Prevoty is a plus
Ensure new system builds entail appropriate security packages, tools, logging and monitoring applications are configured properly
Partner with multiple GE Power and GE Digital teams to architect technology solutions that automate cyber security controls
Establish code deployment best practices and strategies for Power to protect and secure access to code
Act as a Subject Matter Expert in the discovery and investigation of critical security vulnerabilities within application code as required
Conduct manual application security testing and source code auditing for a variety of technologies and code-types
Define legacy application security strategy and oversee its tactical execution as part of an overall security by design strategy
Have working knowledge of security services including PKI, TLS, authentication services, fine grained access control, and network security services
Demonstrate the ability to make informed technology choices after due diligence and impact assessment
Possess advanced domain knowledge serve as an expert in methodologies in the build, release & deployment processes
Possess strong software skills (i.e. Python, nodejs, Java, and similar programming languages)
Promote and champion SecDevOps culture
Be an expert in assessing application security through design and best coding practices
Be responsible for providing technical leadership and defining, developing, and evolving software in a fast paced and agile development environment using the latest software development technologies and infrastructure
Bachelor’s Degree in Computer Science or in “STEM” Majors (Science, Technology, Engineering and Math).
Minimum of 5 years of professional experience in Software Development/Data ETL/Cloud Infrastructure OR Master’s degree with 1 years of experience in Software Development
Minimum of 2 years of professional experience working with and implementing source code repositories such as GIT, GitHub, SourceForce
Minimum of 2 years of professional experience working with automation tools such as Jenkins and Bamboo
Minimum of 2 years of professional experience devising, implementing, and managing project development pipeline strategies
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job
Experience with secure architecture and design, cloud technologies, application security, network security, encryption and key management technologies, identity and access management principles, Service Oriented Architecture, database, ERP, PLM, and mobile and web applications
Expertise with SDLC, OWASP, CSA, NIST & ISO security requirements
Strong team leadership and interpersonal skills, with ability to lead down and present up to senior leadership
Demonstrated oral and written communication skills and ability to work cross functionally
CISSP, GIAC certification, or other security certifications
Experience implementing security in a SecDevOps, DevOps, NoOps, and/or Agile environments
Experience with RASP, Previty
Deep domain expertise in the following areas: computer / OS security, web and database server security, middleware security, infrastructure / network security, application security, and cloud security.
Demonstrated ability to proactively analyze and solve complex problems
Experience with Information Security and Risk processes inside of GE (GE employees only)
Locations: United States ; Michigan, New York, Ohio, Georgia; Atlanta, Van Buren Township, Schenectady, Cincinnati
We are in the process of transitioning to an improved job application system and in the interim we are operating with two systems. Have your Job ID ready (from the email you received when you applied) to log in and check your application status.
Click the appropriate button. If you don't know your job ID, you can still check your status: use both buttons.