Job Description SummaryThe Senior Product Security Lead has the mission to design and support Cyber Security for Grid Automation products.

Job Description

Essential Responsibilities

Participate in the development and delivery of competitive product cyber security solutions to support targeted growth.Implement the secure development life cycle (SDL), including security assessment, threat modelling, requirements definition, security architecture and design, penetration testing and secure deployment guide.Contribute in decisions related to technology choices and design, for alignment with the overall Grid Automation cyber security strategy and roadmap.Share best practices and lessons learned and continuously update the technical cyber security architecture, based on changing technologies, in collaboration with other product security leads, domain architects and experts.Recommend and participate in the design and implementation of standards, tools, and methodologies in the research and development community of GE Grid Automation.Develop and conduct relevant security training for various internal audience, such as product managers, software engineers and technical support.Implement the cyber security vulnerability and incident process, including vulnerability assessment, solution definition (in collaboration with the development team), communication with external parties where applicable and drafting the security advisories.Lead a team of product security leads implementing the secure development life cycle (SDL)  and the vulnerability and incident process, including security assessment, threat modeling, , requirements definition.

Qualifications / Requirements

Bachelor’s Degree from an accredited university in Engineering, Computer Science or Information TechnologyMinimum 10 years of experience with cyber security, preferably in an Operational Technology (OT) environment.

Desired Characteristics

Demonstrated knowledge and understanding of the TCP/IP network stack, communication protocols and applications, including Modbus, DNP3, IEC61850, HTTPS, LDAP, RADIUS.Demonstrated experience with Linux, VxWorks and Windows operating systems including user account management, security / system hardening, device control, and patch management.Experience with Telecom and Network Equipment (Routers, Switches, Firewalls)Experience with vulnerability assessment tools and penetration testing methodologies.Knowledge of cyber asset protection regulations and standards affecting the utilities industry including NERC-CIP, NIST, IEC62443, IEC62351Excellent oral and written communications skillsAbility to work effectively in a team and across functions, partnering with other teams in a worldwide environmentCyber security certification (ex. ISC2, SANS, ISACA, GICSP)Experience with programing and scripting languages.Strong customer service mind-setStrong interpersonal and leadership skills

Additional Information

Relocation Assistance Provided: No

#LI-Remote - This is a remote position