Sr Risk Analyst - Application Security Focus
Uşak, Türkiye Infra / Networks / Telecom
Job description
3116805
Additional Cities
Wauwatosa, Chicago, Van Buren Township
Career Level
Experienced
Relocation Assistance
No
Business
GE Healthcare
Business Segment
Healthcare Digital Enterprise Technology
Function
Digital Technology
Country/Territory
United States
Additional States/Provinces
Illinois, Michigan, Wisconsin
Postal Code
53226-4856
Role Summary/Purpose
The Sr Risk Analyst will be responsible for leading, designing, developing and implementing assessments and automated solutions to enhance the application security program for GE Healthcare. The role requires well-developed, strong foundational skills and knowledge of relevant technologies in the development and application security assessment space. You will be a member of an integrated team working to deliver successful outcomes around automation, risk and compliance, and application vulnerability analysis.
Essential Responsibilities
· Participate in security assessments, threat modeling, security design reviews and security architecture
· Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, cloud, etc.)
· Provide guidance and articulate technical security expertise to application owners
· Create innovative tools, frameworks, and tests that check for and prevent common security bugs
· Enforce secure development standards and requirements
· Utilize SAST/DAST and other assessment technologies to identify and validate security vulnerabilities
· Perform periodic security audits and various tasks to ensure compliance
· Implement innovative tools, solutions, and processes that enable the enterprise application security program to scale and succeed
· Develop and maintain meaningful risk metrics that communicate program status effectively
Qualifications/Requirements
Basic Qualifications:
· Bachelor’s Degree in Computer Science or in “STEM” Majors (Science, Technology, Engineering and Math) or Information Technology
· Minimum of 2 years of experience assessing infrastructure & applications for weaknesses
· Familiar with industry regulations (SOX, GDPR, Export Control)
· A minimum of 5 years of professional experience
Eligibility Requirements:
· Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.
· Must be willing to travel up to 10%
· Must be willing to work out of an office located in Wauwatosa, WI, Chicago, IL, or Van Buren Township, MI
Desired Characteristics
· Experience using Scripting (Java, Go, Python or Ruby) a plus
· Familiar with Splunk, SiSense, Tableau, and ServiceNow a plus
· Knowledge of or experience in Agile methodology and concepts
· Industry-recognized security certification, such as CISA, CISM, CISSP, etc., a plus
· Comfortable and effective working in areas that require rapid problem solving – continuous learner
· Strong oral and written communication skills – able to communicate appropriately to technical and management audience
· In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
· Knowledge of several different threat modeling methodologies and tools.
· Strong experience identifying and mitigating vulnerabilities at the web presentation layer
· Understand how to identify, exploit, and remediate common application vulnerabilities through use of tools and code review
· Development experience in several languages: Java, JavaScript, .NET, Python, etc.
· Strong knowledge of web application vulnerabilities, exploits, and remediation techniques
· Strong knowledge of secure development and secure architecture
· Should have experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols.
· Direct experience with application security assessment technologies
· Passionate about information security
About Us
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Additional Eligibility Qualifications
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen.
Primary Country
United States