Job Information
GE HealthCare Principal Product Security Leader in Remote, Ontario
Job Description Summary
The Principal Product Security Leader helps to design and implement the next generation of secure healthcare devices and solutions. This includes providing product teams and owners with technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.
You will work with GE HealthCare product teams to implement secure design and build practices and create innovative technical solutions to privacy and security challenges. You will be a security evangelist providing thought leadership to the organization and helping to guide developers in secure coding practices. You will also assist in technical security assessments across all of GEHC. There is moderate autonomy within the role. High levels of operational judgment are required to achieve the outcomes required.
GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.
Job Description
Roles and Responsibilities
Oversee security for GE HealthCare products, platforms, components, and cross-modality efforts.
Act as a security technical lead for development programs
Function as the main technical point of contact for product teams as it relates to privacy and security, while also growing the security expertise of product teams
Build awareness of the importance of security in product management and technical teams
Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, and enterprise software solutions
Engage in application and domain-specific threat modeling and attack surface analysis and reduction
Lead cross-functional projects and teams in establishing security development lifecycle practices within GE HealthCare products
Assess and prioritize risk for legacy devices and communicate residual risk to business leaders
Prepare reports at appropriate levels of confidentiality for stakeholders to view
Support privacy and security incident response activities such as investigations, corrective actions, and preventive actions
Work to understand customers' privacy and security concerns and requirements
Respond promptly and in detail to customer queries and customer-sponsored penetration tests
Provide guidance on automated testing tools and techniques
Perform technical security assessments across the GE HealthCare product portfolio
Lead functional teams or projects with minimal resource requirements, risk, and/or complexity. Communicate difficult concepts and influence others' opinions on particular topics. Guide others to consider a different point of view.
Qualifications
Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
7+ years full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)
Desired Characteristics
5+ years of experience with cybersecurity in product development
Certification in cybersecurity (CISSP preferred)
Healthcare domain and medical device experience
Experience with embedded devices, enterprise solutions, and mobile app development
Experience with many operating systems: Enterprise Linux, Embedded Linux, Windows, Windows Server, Windows Embedded, Real-time OS
Experience with security configuration and communication of embedded devices
Experience securing wireless communications: WiFi, WMTS, MBAN, Bluetooth
Experience in a broad range of information security domains – security architecture, key and certificate management, security operations, fuzzing, penetration testing, SAAS/PAAS/IAAS/Cloud Security, Service-Oriented Architecture, Systems Management
Experience with Security Development Lifecycle processes such as Threat Modeling
Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modeling Tool, etc.
Experience with NIST 800-53 and/or ISO/IEC 27000 series of security standards
Experience with OWASP, CVSS, FIPS 140-2 and 140-3, and DoD RMF
Project and program management experience
Organization and communication of complex information
An understanding of information security risk management
We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.
Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration, and support.
For U.S. based positions only, the pay range for this position is $164,000.00-$246,000.00 Annual. It is not typical for an individual to be hired at or near the top of the pay range and compensation decisions are dependent on the facts and circumstances of each case. The specific compensation offered to a candidate may be influenced by a variety of factors including skills, qualifications, experience and location. In addition, this position may also be eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). GE HealthCare offers a competitive benefits package, including but not limited to medical, dental, vision, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, and tuition reimbursement.
Additional Information
GE HealthCare offers a great work environment, professional development, challenging careers, and competitive compensation. GE HealthCare is an Equal Opportunity Employer (https://www.eeoc.gov/sites/default/files/2022-10/22-088_EEOC_KnowYourRights_10_20.pdf). Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE HealthCare will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.
Relocation Assistance Provided: No
Application Deadline: May 31, 2026