JOB DESCRIPTION SUMMARY

The Staff Software Architect – Product Security position is a key role within General Imaging (GI) Ultrasound with a focus on vulnerability management and incident response capability. In this role you will work in a team to identify risks and communicate and track product vulnerabilities.
GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

REQUIRED QUALIFICATIONS

• Bachelor’s degree in computer science or “STEM” Majors (Science, Technology, Engineering and Math) with minimum of 6 years of professional experience including Cyber Security
• Certification in the Privacy, Security & Regulatory domain or related certification
• Experience in object-oriented design methodology and various programming languages such as C/C++. Hands-on experience in C++ on Windows a plus.
• Working knowledge in configuration management tools such as Perforce, GIT, ClearCase, etc…
• Experience working with Windows API and application programming
• Experience in software platform, advanced applications, user-interface design and/or systems engineering especially in the healthcare domain –preferably Ultrasound
• Good skills in knowing how to debug software issues
• Experience with multicore and multi-threaded software design and computing environment
• Experience driving technical design reviews
• Strong interpersonal skills, including creativity and curiosity with ability to effectively communicate, and influence across all organizational levels
• Proven analytical and problem resolution skills
• Demonstrated ability to work with and/or lead blended teams, including global teams
• Experience setting up and maintaining automation in CI/CD workflow pipelines a plus

Duties include (but are not limited to):

• Technical ownership of product security feature deliverables, with the ability to gather and analyze data, develop architectural requirements and lead implementation efforts
• Work closely with cross-functional teams in requirements gathering and software design Roles and Responsibilities
• Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment
• Engage in incident response methods, lead incident response processes related to product cyber
• Create and track meaningful metrics around product cyber risk and compensating controls
• Create vulnerability and incident trend analysis to improve product design
• Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components
• Engage and administer End of Life processes for digital products
• Consult architects on security requirements and utilize best practices to meet requirements
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction
• Respond promptly and in detail to customer-sponsored penetration tests
• Provide guidance on automated testing tools and techniques
• Discover and mitigate vulnerabilities in sensitive Critical Infrastructure/ Key Resource Domains (CI/KR)
• Develop and design innovative cyber security solutions for unique and complex technologies
• Work in partnership with government agencies, leading industry experts, and academia
• Leverage traditional and non-traditional research methodologies to advance GE HealthCare’s overall Cybersecurity practice
• Assess and investigate specific threats in terms of severity and impact
• Create detailed reports on vulnerabilities, bugs, and design flaws
• Create IPS/IDS rules or other mitigations to protect vulnerable systems
• Interact with global teams to promote consistency and maximize synergies across common software platforms
• Able to join the team and gain mastery of the Ultrasound domain and contribute towards the development Software Infrastructure
• Drive world-class quality in the development and support of products
• Apply principles of SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security, Scalability, Documentation Practices, refactoring and Testing Techniques
• Understand performance parameters and assess application performance
• Proactively share information across the team, to the right audience with the appropriate level of detail and timeliness
• Design, develop, implement, test and deploy subsystem/security solutions and apply in-depth knowledge of product related technologies, technology platforms, architectures, engineering design principles and advancements
• In collaboration with principal engineers/architects and execution leaders, assist in the analysis, design and development of the product roadmap
• Manage design evolution across multi-generation product releases
• Perform design and code reviews, and provide feedback on product security