We are looking for a Sr Staff Product Security Leader to work with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, Infrastructure/Platform team, and the Product Owners to identify inherent cyber security risks and to develop and track controls to reduce risk within BHGE's products. This role will blend strong technical expertise and program management skills.Essential Responsibilities
You are a highly skilled security Engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications and protecting the overall environment. In this role, you will:
- Manage all aspects of Cloud Security Operations for AWS/Azure/GCP
- Drive tailored SDL practice into specific engineering
- Create and track meaningful metrics around product cyber risk and compensating controls
- Consult, architect on security requirements and utilize best practices to meet them.
- Design, implement and Manage Cloud Security Controls, i.e. Network Security, Parameter Security, Privileged Access Management, multi factor authentication, Identity and Access Management, etc.
- Engage in application and domain-specific threat modeling and attack surface analysis/reduction
- Working with all scrum teams for security-focused design
- Identifying and ensuring resolution of possible technical implicatio
Desired CharacteristicsTechnical Expertise:
- Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience
- A minimum of 4 years of experience in security development life cycle
- At least 4 years of experience involvement with development team(s) that delivered software based services
- Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
- Program and Project Management experience; expertise with Agile development teams
- Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
- Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
- Experienced in developing web services (SOAP/REST)
- Must be available for on call for potential security response
- Knowledge of application risk identification and evaluation techniques
- Knowledge of Cyber Security and full knowledge of multiple related engineering functions
- Experience securing applications within cloud platforms such as AWS, Azure and alike.
- Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment