Principal Product Security Leader

☑ Основной блок:

Опыт работы: более 6 лет.

Тип занятости: полная занятость.

График работы: полный день.

Зарплата: по результату собеседования.

Примерное место работы: Россия, Москва.

☑ Актуальность объявления:

Это объявление № 2414493 добавлено в базу данных: Пятница, 24 января 2025 года.

Дата его обновления на этом интернет-ресурсе: Воскресенье, 16 марта 2025 года.

☑ Репутация компании "GE (General Electric Company)":

Читайте свежие отзывы сотрудников об этом работодателе здесь!

Оставить своё мнение об этой компании можно тут без регистрации и бесплатно.

☑ Подробности о вакантном месте:

GE Digital is the team behind Predix, the world's first cloud-based industrial operating system, empowering millions of businesses to run smarter and improve people's lives. We build the software that transforms the way people connect with their data, devices and machines. www.ge.com/digital/

Predix is a GE’s cloud platform for the Industrial Internet. It is a Platform-as-a-Service (PaaS) for developing, deploying, and monetizing Industrial Internet applications. Predix powers advanced industrial applications for power generation and distribution, oil and gas, mining, healthcare, manufacturing, transportation, aviation, intelligent infrastructure, and more. www.predix.io

Job Overview:

The Principal Product Security Leader will own project management, design, delivery, and drive implementation of security and compliance controls for securing GE Digital (Predix) initiatives. Specifically, this role will involve the development and implementation of a comprehensive roadmap of the security and compliance controls for enterprise software solutions essential to external customers on Predix.

In this role, you will:

• Lead and execute delivery and implementation of key security & compliance controls for securing Predix initiatives according to both GE Digital standards and Russian legislation requirements
• Work in partnership with the Predix development squads to ensure that cyber security is embedded in the software development process
• Drive tailored SDL practice into specific engineering
• Consult architect on security requirements and utilize best practices to meet them
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction
• Working with all scrum teams for security-focused design
• Identifying and ensuring resolution of possible technical implications of each release
• Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
• Help prepare reports at appropriate levels of confidentiality for stakeholders to view
• Responding to customer-facing departments about Predix security posture
• Responding promptly and in detail to customer-sponsored penetration tests
• Promotes standards through workshops, knowledge shares, and code walk-throughs
• Promotes best practices and design patterns
• Provides guidance on automated testing tools and techniques
• Securely on-board external developer applications and third party services as part of the overall Predix ecosystem

Basic Qualifications:

• Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience
• A minimum of 4 years of experience in security development life cycle
• At least 4 years of experience involvement with development team(s) that delivered software based services
• Fluent in both Russian and English languages

Technical Expertise:

• Object Oriented Design and principles
• Ability to write high quality code
• Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
• Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
• Experienced in developing web services (SOAP/REST)
• Experience securing applications within cloud platforms such as AWS, Azure and alike.
• Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment

Desired Characteristics:

• 2+ of project management experience in developing RESTful micro-service based applications; PMP certified (preferred)
• 3+ years of hands-on experience with Agile (Scrum or XP) and test & behavior driven development, continuous integration and version control (GitHub); Certified Agile scrum master preferred
• Understanding of requirements management and user story development (Rally or similar tool)
• Working knowledge of security services including PKI, TLS, authentication services, fine grained access control, and network security services
• Knowledge of application risk identification and evaluation techniques
• Evaluate different products in security space and recommend and implement most optimal solutions
• Hands-on experience with analyzing threat reports, vulnerability reports and drive towards implementing them
• Experience with secure architectures, identity and access management principles, application security, encryption technologies, DNS, SOA, database and web applications

Successful candidates will be employed under local employment conditions and must already satisfy local employment/work permit and residency regulations.

☑ О компании:

Логотип (эмблема, торговая марка, бренд) компании:

Сфера деятельности компании: Промышленное оборудование, техника, станки и комплектующие; Тяжелое машиностроение; Электроника, приборостроение, бытовая техника, компьютеры и оргтехника; .

☑ Отклинуться сообщением, резюме, запросить телефон, отправить жалобу (претензию):