GE VernovaRemote
Senior Cyber Security Engineer (Remote Eligible, U.S.)
United States of America
Full Time
3 hours ago
$113,000 - $189,000 USD
No H1B
Key skills
CybersecurityIndustrial Control Systems (ICS)Operational Technology (OT)Product SecurityProduct Security RegulationsStandardsIEC 62443Cybersecurity AuditsCertificationsFirewallsAntivirusSecurity IncidentEvent Management (SIEM)Intrusion Detection SystemsIntrusion Prevention SystemsOperational Technology ProtocolsPLCModbusProfinetDNP3OPC DAOPC AEOPC UAIEC 61850Dynamic Application Security Testing (DAST)Static Application Security Testing (SAST)Cloud-Native Application Protection Platform (CNAPP)Vulnerability Scanning ToolsCloud SecurityCybersecurity CertificationsAIArtificial IntelligenceCommunication
About this role
GE Vernova is seeking a highly skilled and experienced Senior Cyber Security Engineer to join the Product Security team, focusing on the Wind portfolio of products. This role is responsible for leading key cyber security programs and initiatives that protect wind products across their lifecycle, including driving vulnerability remediation efforts and developing cyber security solutions.
Responsibilities:
- Lead key product cyber security programs from inception through completion, ensuring alignment with key stakeholders, business priorities, regulatory requirements, and product roadmaps
- Assess current product security posture against applicable regulatory requirements, identify gaps, and develop structured remediation plans and roadmaps
- Lead the effort to achieve and/or maintain standards-based certification for the product security program and/or specific Wind products
- Manage audit preparation activities, including coordination with internal auditors and third-party certification bodies, evidence collection, and providing responses to findings
- Support and/or drive the development, maintenance, and usage of internal tools for product security, such as the product asset inventory, vulnerability management automation
- Design, develop, and support OT/ICS cybersecurity solutions for wind farm, such as SIEM detection rules, endpoint protection (EDR/AV/application whitelisting), and network segmentation, based on customer requests, regulatory requirements, and commercial strategy
- Design, develop, and implement cyber security solutions and controls, collaborating with cross functional teams, that address identified risks, vulnerabilities, and gaps across Wind’s products, systems, and processes
- Lead root cause analysis efforts for security vulnerabilities and non-conformities, delivering findings and actionable recommendations
- Support incident response activities related to product security vulnerabilities
Requirements:
- Bachelor's Degree from an accredited university in Engineering, Computer Science, Cybersecurity, Information Technology, or related field. Alternative acceptable experience will be considered on a case-by-case basis
- Minimum 8 years of experience in cybersecurity with at least 5 years focused on industrial control systems (ICS), operational technology (OT), or product security
- Minimum 4 years of experience with product security regulations and standards, such as IEC 62443 series of standards or equivalent, especially implementation of said regulations/standards
- Experience driving preparation of a security program for cyber security audits, certifications, and/or assessment, especially those related to a product regulation
- Demonstrated knowledge and understanding cybersecurity tools/solutions (e.g., Firewalls, antivirus, security incident and event management systems, intrusion detection systems, intrusion prevention systems), including experience providing installation/configuration recommendations
- Master's degree in a relevant field
- Cyber security certification (ex. GICSP, CEH, CCNA, CISSP)
- Demonstrable in-depth knowledge of how to interpret and implement product cybersecurity regulatory requirements in a product security program through policies, standards, and procedures
- Strong understanding of operational technologies (e.g., PLCs) and protocols (e.g., Modbus, Profinet, DNP3, OPC [DA, AE, UA], IEC 61850) used in manufacturing, power generation, wind farms, SCADA systems, and other industrial environments or industrial products
- Experience using cyber security tools (e.g., Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Cloud-Native Application Protection Platform (CNAPP), Artificial Intelligence (AI), or other weakness / vulnerability scanning tools) to identify and track cyber security vulnerabilities
- Experience with cloud security principles and practices
- Ability to work independently and collaboratively as necessary with a cross-functional team
- Strong oral and written communication skills. Demonstrated ability to analyze and resolve problems
- Experience responding to product cyber security vulnerabilities