Listing Description
The Sr Risk Analyst will be responsible for leading, designing, developing and implementing assessments and automated solutions to enhance the application security program for GE Healthcare. Role requires developed and strong foundation skills & knowledge of relevant technologies in the development and application security assessment space. You will be a member of an integrated team working to deliver successful outcomes around automation, risk & compliance & application vulnerability analysis.
Participate in security assessments, threat modeling, security design reviews and security architecture
Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, cloud, etc.)
Provide guidance and articulate technical security expertise to application owners
Create innovative tools, frameworks, and tests that check for and prevent common security bugs
Enforce secure development standards and requirements
Utilize SAST/DAST and other assessment technologies to identify and validate security vulnerabilities
Perform periodic security audits and various tasks to ensure compliance
Implement innovative tools, solutions, and processes that enable the enterprise application security program to scale and succeed
Develop and maintain meaningful risk metrics that communicate program status effectively
Minimum of 2 years of experience assessing infrastructure & applications for weaknesses
Familiar with industry regulations (SOX, GDPR, Export Control)
Experience using scripting (Java, Go, Python or Ruby) a plus
Familiar with Splunk, SiSense, Tableau, and ServiceNow a plus
Knowledge of or experience in Agile methodology and concepts
Industry-recognized security certification, such as CISA, CISM, CISSP, etc., a plus
Comfortable and effective working in areas that require rapid problem solving – continuous learner
Strong oral and written communication skills – able to communicate appropriately to technical and management audience
In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
Knowledge of several different threat modeling methodologies and tools.
Strong experience identifying and mitigating vulnerabilities at the web presentation layer
Understand how to identify, exploit, and remediate common application vulnerabilities through use of tools and code review
Development experience in several languages: Java, JavaScript, .NET, Python, etc.
Strong knowledge of web application vulnerabilities, exploits, and remediation techniques
Strong knowledge of secure development and secure architecture
Should have experience in security aspects of multiple platforms, operating systems, software, communications, and network protocols.
Direct experience with application security assessment technologies
Passionate about information security
Listing Details
- Citizenship: US Citizen
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: No Travel
- Telework: No Telecommute