Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sr. Staff Cybersecurity Engineer
Company GE Aviation
Location USA Remote, CST/EST timezones
Preferred GIAC Certifications GCLD, GWEB, GPCS, GCSA
Travel 5%
Salary Depends on Experience
URL https://jobs.gecareers.com/aviation/global/en/job/R3592833/Sr-Staff-Cyber-Security-Architect
Contact Name apply via link provided
Contact Email use/at/link.provided
Expires 2021-12-11

Job Description


PLEASE NOTE- we are looking for one azure focused and one AWS focused professional. This posting will cover two roles.

Job Description Summary
Are you excited to join a growing team working in the cloud security architecture and engineering? The GE Aviation Systems Team is hiring a Senior Staff Cyber Security Architect. This individual will be an important part of the Cyber Security team in keeping the business safe from any external, internal threats and make a difference in the digital product security space.

This is an excellent opportunity for someone who is a self-starter, results oriented, solves challenging security problems and secure GE Aviation Systems IP and customers data. Apply today!
Job Description
Essential Responsibilities:

Ensure security is designed and integrated into digital products leveraging cloud, on-prem and at customer location deployment models.
Provide security leadership and domain expertise (IaaS & PaaS) in the cloud cyber security in AWS. Also seeking a second role with equivalent expertise in Azure.
Lead various cloud security aspects like network, compute, storage, database, and PaaS in the cloud domain.
Expert guidance on Application security to engineering teams by leveraging secure development life cycle.
Perform Threat modeling and Architecture risk analysis on digital software products.
Lead Secure code reviews, Vulnerability analysis and Remediation for digital products.
Provide incident handling support for security related incidents reported for software products.
Influence developers to write secure code and implement secure engineering practices.
Validates and attest security controls effectiveness in the digital products.
Collaborate and partner with product and engineering partners like managers, architects, and developers in the roadmap planning, prioritization, and implementation.
Function as cyber security leader in daily Sprint stand up and provide ownership for all aspects of security lifecycle in the product release.
Ability to work in a fast paced, dynamic environment, with shifting priorities; must be comfortable with the change and actively driving improvements.
Qualifications/Requirements:

Bachelor’s degree from an accredited university or college with minimum of 6 years of professional experience OR Associates degree with minimum of 9 years of professional experience OR High School Diploma with minimum of 11 years of professional experience
Minimum 5 years of professional experience in Cyber Security Architecture or IT
Eligibility Requirements

Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.
Must be willing to travel up to 5%.
Desired Characteristics:

Highly skilled security architect who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications in the cloud
Proficiency in at least one programming language (Java, Node.JS, Python, or C/C++, .Net)
Familiar with at least one Infrastructure as Code (IaC) scripting language (ARM, Terraform, PowerShell, CloudFormation)
Experience conducting static code reviews and applying security auditing and/or dynamic scanning testing principles and tools
Working knowledge of OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls
Experience securing applications within cloud platforms such as AWS, Azure
Knowledge of secure architecture and design principles
Familiar with Risk Controls frameworks and procedures (NIST800-53, ISO, etc.)
Knowledge of Web/API security architecture common authentication and authorization technologies (OIDC, OAuth2, Spring Security, HMAC, WS-Security, WS-Trust) preferred
Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography etc.)
Good understanding on Privacy standards like PII, GDPR, CCPA etc.
Familiar with Governance, Risk and Compliance functions within a cyber security program.
Familiar with Threat management and incident respond functions within a cyber security program.
Prefer one or more of the following cyber security certifications: Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP) or Certified Information Security Manager (CISM)
Note:

Open to all remote locations in the Central and Eastern time zones. US based only.
This role is restricted to U.S. persons (i.e., U.S. citizens, permanent residents, and other protected individuals under the Immigration and Naturalization Act, 8 U.S.C. 1324b(a)(3)) due to access to export-controlled technology. GE will require proof of status prior to employment.

Additional Information
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

Relocation Assistance Provided: Yes