Sr Product Security Analyst

Job Description Summary

As a key member of a global and matrixed design team, Sr Product Security Analyst is responsible for
-Cyber security analysis of controllers, Control systems.
-Lead the software and hardware penetration testing activates
-Work in Collaboration with development teams to improve SDLC process, OSS/SAST/DAST scans.
-Streamline SBOM generation.
-Lead the cyber security testing for GE Vernova Power Conversion products and analyze the reports and suggest remediation strategy.
-Identify Product vulnerabilities, rate and report to development team.

Job Description

Essential Responsibilities:

Lead reviews, suggest architectural changes, conduct tests to ensure systems, controllers, meet Cyber security requirements. Collaborates with a team of controls and system engineers developing operational software for various subsystems. The position requires a clear understanding of OT System, and conversant with all Cyber security requirements.

• Be responsible for providing technical leadership and defining, developing security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure.
• Work with Cyber Security Leaders and SMEs to understand product requirements.
• Hands on experience with penetration testing for software applications, Systems, Web Application, mobile application, controllers.
• Work on Cybersecurity tools like Wireshark, NESSUS and Burp Suite
• Experienced in different phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing during the development of software applications.
• Assist security champions in completing Threat Modelling and Architecture Risk Analysis on product features.
• Perform Security Code Reviews, Vulnerability Analysis and research on application code.
• Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera)
• Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project.
• Research new application security technologies and implement them to improve application security.
• Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development.
• Promote best practices based on OWASP Top 10, SANS Top 25, and the GE Vernova SDLC.

• Bachelor /master's degree in IT/computer science or relevant engineering or equivalent knowledge / experience with 8-10 Years of Experience
• Strong understanding of fundamentals in networking, ethical hacking, cryptography, penetration testing, vulnerability analysis, risk assessment, threat modelling, cybersecurity standards like ISO 27000 and ISA/IEC 62443.
• Database RDBMS, MySQL NoSQL databases
• Software component: MS Visual Studio, MS Office, MS Visio, GitHub
• Linux and Windows OS
• Hands on experience with Enterprise Application and Web Application servers like Tomcat, and WLP.
• Certifications like CEH, OSCP, PNPT will be an added advantage.