HVDC - Product Security Leader

Job Description Summary

The HVDC Product Security Leader (PSL) leads the Secure Development Lifecycle (SDL) process on all NPI/Product care scope and coordinate with Development and Validation Teams along with domain experts and CTHs associated.
This role is responsible to track and validate SDL artifacts from specifications to test, delivery and monitoring. The role is also responsible of managing the products/systems vulnerabilities and incidents in coordination with concerned Teams.

The PSL will be directly reporting to HVDC NPI Leader and will functionally report to Global GSI Cybersecurity Leader.

Job Description

Responsibilities:

• Responsible for the execution of the products Secure Development Lifecycle (SDL) and Incident and Vulnerability Management compliance according to GE policies. This includes requirements definition, threat modeling, static code analysis results analysis, high level design validation and test strategy specifications, security assessments, penetration testing, secure deployment guides, security bulletins publication.
• Coordinate with R&D software teams to ensure all relevant SDL artifacts are ready and verified for the NPI technical reviews and ensure tracking.
• Contribute to decisions related to technology choices and design, for alignment with the overall scope cyber security strategy and roadmap
• Contribute to cyber security testing tools specifications, testing and evaluation of new security technology and products.
• Implement the cyber security vulnerability and incident process, including vulnerability assessment, solution definition (in collaboration with the development team), communication with external parties where applicable and drafting the security advisories.
• Share best practices and lessons learned and continuously update the technical cyber security architecture, based on changing technologies, in collaboration with other product security leads, domain architects and experts.
• Develop and conduct relevant security training for various internal audience, such as product managers, software engineers and technical support

• Bachelor's Degree in Engineering, Computer Science, or Information Technology from an accredited university
• Experience with secure software development (SDL), security best practices software development
• Minimum 10 years of experience in secure software design, secure coding, and security testing (including static code analysis), preferably in an Operational Technology (OT) environment
• Demonstrated knowledge and understanding of network communications protocols in the TCP/IP network stack.
• Awareness of latest technical developments in the cyber security community
• Demonstrated experience with Linux, VxWorks and Windows operating systems including user account management, security / system hardening, device control, and patch management.
• Experience with Telecom and Network Equipment (Routers, Switches, Firewalls)
• Demonstrated experience with secure testing tools, fuzzing, and vulnerability assessment reviews
• Experience with security technologies, such as
  • Symmetric and asymmetric cryptography and PKI infrastructure
  • LDAP, RADIUS, SSH, SFTP, HTTPS, SYSLOG
  • Encryption, TLS, RSA and code signing

• Knowledge of cyber security standards and regulations affecting the utilities industry, such as IEC 62443, NERC CIP, IEEE 1686, IEC 62351
• Excellent oral and written communication skills
• Ability to work effectively in a team and across functions, partnering with other teams in a worldwide environment

• Experience with penetration testing
• Knowledge and understanding of industrial communications protocols including Modbus, DNP3/IEC-104 and IEC 61850.
• Cyber security certification (ex. ISC2, SANS, ISACA, CISSP) is a plus
• Experience with programing and scripting languages.
• Strong customer service mind-set
• Strong interpersonal and leadership skills

• GE leadership behaviors: deliver with focus, lead with transparency and act with humility
• Pro-activeness, sense of urgency, resistance to pressure, autonomy; ability to interact with multiple functions and teams worldwide
• Continuous improvement mindset
• Fluent English speaking and writing mandatory
• Strong oral and written communication skills