Cyber Security Engineer

Job Description SummaryThe Caption Health SBU focuses on clinical applications that aid in early disease detection, using AI to assist in conducting ultrasound scans.
The Product Security Leader PSR is part of our security team and helps safeguard the integrity, confidentiality, and availability of our healthcare technology products. This role is ideal for an experienced product security analyst who is passionate about building secure, compliant, and resilient systems in a regulated environment. This role works cross-functionally with Engineering, Product, Compliance, and DevOps teams to embed security into every phase of the product lifecycle. 100% Remote

Job Description

Essential Responsibilities:

• Security by Design: Partner with product and engineering teams to integrate security into architecture, design, and development processes.
• Threat Modeling & Risk Assessment: Conduct threat modeling, security reviews, and risk assessments for new and existing products.
• Create & Maintain Cybersecurity Documentation: Delivering product release security documents, document cyber security status and process in accordance with regulations.
• Vulnerability Management: Identify, triage, and drive remediation of vulnerabilities in applications and infrastructure.
• Incident Response: Support product-related security incidents and coordinate with internal stakeholders for resolution.
• Security Awareness: Educate developers and product managers on secure development practices and emerging threats.
• Compliance & Standards: Ensure products meet internal security standards and external compliance requirements (e.g., HIPAA, HITRUST, SOC 2, ISO 27001).

Basic Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
• 5-8 years of experience in application/product security, with a strong understanding of secure software development.
• Proficiency in threat modeling and vulnerability management.
• Experience analyzing/detecting and remediating cybersecurity issues.
• Experience in security/network/system administration/development or equivalent knowledge.
• Familiarity with cloud platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes).
• Strong communication skills and ability to influence cross-functional teams.
• Relevant certifications (e.g., OSCP, CISSP, CSSLP) are a plus.
   

Preferred Qualifications:

• Experience working in or with healthcare technology companies or digital health platforms.
• Deep understanding of HIPAA, HITECH, and 21 CFR Part 11 compliance requirements.
• Knowledge of patient data privacy, PHI/PII protection, and data residency concerns.
• Exposure to HITRUST CSF or similar healthcare-specific security frameworks.
• Practical hands-on experience cybersecurity events investigation tracking and threat resolution.
• Able to work under minimal supervision and open to collaboration.

Eligibility Requirements:

• This position is based in the United States only. Legal authorization to work in the U.S. is required. GE HealthCare may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills.
• Must be willing to travel as required.

Additional Information

While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.