GE HealthCare focuses on clinical applications that use AI for early disease detection. They are seeking a Cyber Security Engineer to safeguard the integrity, confidentiality, and availability of their healthcare technology products by integrating security into product development processes and managing vulnerabilities.
Responsibilities:
- Security by Design: Partner with product and engineering teams to integrate security into architecture, design, and development processes
- Threat Modeling & Risk Assessment: Conduct threat modeling, security reviews, and risk assessments for new and existing products
- Create & Maintain Cybersecurity Documentation: Deliver product release security documents and document cyber security status and process in accordance with regulations
- Vulnerability Management: Identify, triage, and drive remediation of vulnerabilities in applications and infrastructure
- Incident Response: Support product-related security incidents and coordinate with internal stakeholders for resolution
- Security Awareness: Educate developers and product managers on secure development practices and emerging threats
- Compliance & Standards: Ensure products meet internal security standards and external compliance requirements (e.g., HIPAA, HITRUST, SOC 2, ISO 27001)
Requirements:
- Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
- 5-8 years of experience in application/product security, with a strong understanding of secure software development
- Proficiency in threat modeling and vulnerability management
- Experience analyzing/detecting and remediating cybersecurity issues
- Experience in security/network/system administration/development or equivalent knowledge
- Familiarity with cloud platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes)
- Strong communication skills and ability to influence cross-functional teams
- Relevant certifications (e.g., OSCP, CISSP, CSSLP) are a plus
- Experience working in or with healthcare technology companies or digital health platforms
- Deep understanding of HIPAA, HITECH, and 21 CFR Part 11 compliance requirements
- Knowledge of patient data privacy, PHI/PII protection, and data residency concerns
- Exposure to HITRUST CSF or similar healthcare-specific security frameworks
- Practical hands-on experience with cybersecurity event investigation, tracking, and threat resolution
- Able to work under minimal supervision and open to collaboration