Sr Staff Product Security Leader
GE Capital
35 days ago

Role Summary :

The Sr. Staff Product Security Leader will collaborate with development teams around the world to drive threat modeling exercises, lead security-focused architecture and code reviews, oversee security tests, and validate security designs across numerous Aviation products, which include embedded and web-based products and services. You will be a developer security evangelist and will provide thought leadership & help guide developers in secure coding practices.

Essential Responsibilities :

In this role, you will :

  • Coach product development teams on secure design principles, development practices, and application hardening.
  • Perform Threat Modeling and Architecture Risk Analysis on software products.
  • Perform Security Code Reviews, Vulnerability Analysis and research on application code.
  • Coach and mentor developers to write and implement cryptography (PKI, Code Signing, etc.).
  • Guide developers to write secure code and implement secure engineering practices.
  • Provide response for security related incidents reported for software products.
  • Engage subject matter experts in successful transfer of complex domain knowledge.
  • Provide guidance and advice on writing secure code that meets standards and delivers desired functionality using the technology selected for the project.
  • Audit and exploit applications and systems under development to expose vulnerabilities, and demonstrate possible fixes.
  • Analyze and validate completed security improvements and CVE patches.

Qualifications / Requirements :

Basic Requirements :

  • Bachelor’s degree in computer engineering or in a STEM major (SCIENCE, TECHNOLOGY, ENGINEERING, OR MATH).
  • Minimum of 10 years of professional experience with web-based and / or embedded systems and applications.

Eligibility Requirements :

  • Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.
  • GE will only employ those who are legally authorized to work in the United States for this opening.
  • Travel - up to 10%

Desired Characteristics :

  • Highly skilled security engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications.
  • Proficiency in at least one programming language (Java, Node.JS, Python, or C / C++)
  • Experience conducting static code reviews and applying security auditing and / or penetration testing principles and tools.
  • Working knowledge of OWASP Web / API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls.
  • Experience securing applications within cloud platforms such as AWS, Azure, CloudFoundry, etc.
  • Knowledge of secure architecture and design principles
  • Knowledge of Risk Controls frameworks and procedures (NIST 800-53, DFARS, etc.).
  • Knowledge of API security architecture and common authentication technologies (OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML) preferred.
  • Solid understanding of computer architecture, especially the hardware components, software stack and protocols.
  • Experience in security technologies like TXT, TPM, TrustZone, etc. This could overlap with experience in embedded systems.
  • Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography, etc.).