Senior Cyber Security Engineer
GE HealthCare · Waukesha, WI · 2 wk ago
Information TechnologyFull-time
About the role
We are seeking an experienced Senior Security Engineer to lead and execute security architecture, design, vulnerability management, and risk analysis across both cloud and on-premises environments. This role is responsible for ensuring secure-by-design implementations, proactive risk identification, and continuous improvement of the enterprise security posture across platforms, infrastructure, and applications.
Responsibilities
- Security Architecture & Design
- Design, review, and govern security architectures for cloud (AWS/Azure/GCP) and on-prem infrastructure.
- Ensure alignment with enterprise security standards, threat models, and regulatory requirements.
- Provide security design guidance for new platforms, applications, and services.
- Participate in architecture and design reviews to identify risks early and recommend mitigations.
- Cloud & Infrastructure Security
- Implement and manage cloud security controls including IAM, network security, data protection, logging, and monitoring.
- Secure on-prem environments including servers, networks, virtualization platforms, and hybrid integrations.
- Support secure configuration baselines and hardening standards for cloud and on-prem systems.
- Vulnerability Management
- Own and drive the vulnerability management lifecycle, including discovery, triage, risk scoring, remediation guidance, and verification.
- Analyze scan results and penetration test findings to determine true risk and business impact.
- Partner with engineering and infrastructure teams to prioritize remediation efforts.
- Risk Analysis & Threat Modeling
- Perform security risk assessments, threat modeling, and impact analysis for systems and services.
- Translate technical findings into clear risk statements and actionable recommendations.
- Support ongoing risk tracking and reporting for leadership and audit readiness.
- Security Operations & Governance
- Contribute to incident response investigations from a technical analysis perspective.
- Support compliance initiatives (e.g., ISO, SOC, HIPAA, IEC 62304, NIST) by providing technical evidence and assessments.
- Develop and maintain security standards, patterns, and reference architectures.
Qualifications
- 8–12 years of experience in cyber security engineering, with hands-on expertise in both cloud and on-prem environments.
- Strong experience with cloud platforms (AWS, Azure, or GCP) and associated security services.
- Proven background in security architecture, design reviews, and infrastructure security.
- Hands-on experience with vulnerability scanning tools, risk assessment methodologies, and remediation processes.
- Solid understanding of network security, operating system security, and identity and access management.
- Strong analytical and communication skills, with the ability to explain security risks to both technical and non-technical stakeholders.
Preferred Qualifications
- Experience working in regulated environments (healthcare, medical devices, finance, or similar).
- Familiarity with security frameworks and standards such as NIST, ISO 27001, CIS, OWASP.
- Experience with container and Kubernetes security.
- Security certifications such as CISSP, CCSP, CISM, or equivalent.
- Experience supporting hybrid or large-scale enterprise environments.