Sr. Product Cyber Security Leader
Job Description Summary
The Cyber Security leader will lead all engineering aspects of the Operational Technology (OT) Security program for the Onshore Wind Turbine business. This role will function as a technical liaison between various engineering, product management, services, sourcing, legal as well as external stakeholders on cybersecurity architecture, requirements, and risk management.Job Description
About us:
GE’s Onshore Wind business has a total installed base of more than 50,000 wind turbines in more than 35 counties, with 100+ GW of global installed capacity. We harness increased onshore wind energy potential through a broad family of turbines that are uniquely suited for a variety of wind environments, including Cypress, GE’s most powerful onshore wind turbine, and GE’s 2MW platform, which has more than 20GW installed and in operation today. We are committed to our customers’ success in wind, offering a broad portfolio of products and services that make renewables the energy of choice for a cleaner future.
Roles and Responsibilities:
- Grow and maintain a program that advises leadership of the top security risks and overall security health of the Wind Farm Integrated Control System (ICS), SCADA and associated software
- Lead the secure development and delivery of competitive systems and solutions offerings to promote growth
- Build and execute engineering processes for early detection of design flaws, vulnerabilities, weaknesses, and missing security controls
- Collaborate with engineering and other stakeholders to ensure security assurance tasks are completed throughout the development lifecycle and effective security mitigations are integrated into the product
- Ensure product compliance with applicable security standards, GE Vernova policies and best practice. Stay informed of industry trends that may inform work
- Establish and track cyber priorities across entire product portfolio
- Perform cyber design and implementation reviews, vulnerability management, and incident response
- Initiate and manage security assessments and drive remediation and security controls validation
- Act as customer-facing subject matter expert, support contract negotiations and ITO activities, and provide solutions, recommendations and security strategy when called upon
- Interprets simple internal and external business challenges and recommend best practices to improve products, processes, or services
- Mentor and assist product development engineers with implementing and maintaining secure software design lifecycle (SSDLC)
- May lead functional teams or projects with minimal resource requirements, risk, and/or complexity. Communicates difficult concepts and may influence others' options on particular topics. May guide others to consider a different point of view.
Required Qualifications:
- Bachelor’s Degree from an accredited university in Engineering, Computer Science or Information Technology
- Minimum 5 years of experience in cyber security applications for IT or OT
Desired Characteristics:
- Uses high level of judgment to make decisions and handle complex tasks or problems in areas of operational, product management, manufacturing, technology or engineering with respect to cyber security. Has ability to assess quality of information given and ask pertinent questions to stakeholders.
- Strong oral and written communication skills. Strong interpersonal and leadership skills. Demonstrated ability to analyze and resolve problems. Demonstrated ability to lead programs / projects. Ability to document, plan and execute programs.
- Able to offer new solutions to problems outside of set parameters and able to construct and provide recommendations. Uses multiple internal and some external sources outside of own function to help arrive at a decision
- Expertise and leadership across all aspects of SSDLC
- Working knowledge of cyber asset protection regulations and standards affecting the power utilities industry including NERC-CIP, NIST, IEC62443, IEC62351
- Recent experience supporting the GE Vernova Sales and Legal teams with contract reviews and negotiations specific to cyber security
- Hands on experience with threat modelling, attack surface identification, cyber risk analysis, security requirements capture, secure architecture, system and network hardening, code reviews, penetration testing and security validation / testing
- Ability to work effectively across functions, partnering with other teams in a worldwide environment
- Master's Degree from an accredited university in Engineering, Computer Science or Information Technology
- Cyber security certification (ex. GICSP, CEH, CCNA, CISSP) is a plus
- Established project management skills
- Wind Turbine product knowledge is a strong plus
- Demonstrated experience with Microsoft Windows and/or Linux operating systems including access and identity management, system hardening & device control, and patch management
- Demonstrated knowledge and understanding of the TCP/IP network stack and communication protocols including Modbus, OPC (DA, AE, UA), DNP3, IEC 104, IEC61850 etc.
- Familiarity with Intrusion Detection, Malware detection and Security Monitoring solutions
- Familiarity with Industrial Automation and Control Systems products and components including PLCs, SCADA and DCS
Additional Information
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
Relocation Assistance Provided: No