​This is a 100% Remote Cyber Security Engineer role, internally titled “Product Security Leader PSR,” at GE Healthcare’s Caption Health SBU, which focuses on AI-assisted ultrasound clinical applications. This role is a senior-level position dedicated to integrating security into every phase of the product lifecycle (Security by Design) in a highly regulated healthcare environment, ensuring compliance with standards like HIPAA and HITRUST.

• ​Location: Remote, United States.
• ​Experience: 5–8 years of experience in application/product security.
• ​Focus: Threat Modeling, Vulnerability Management, Security by Design, Incident Response, and maintaining strict compliance documentation for healthcare technology products.
• ​Compliance Standards: HIPAA, HITRUST, SOC 2, ISO 27001.

​Essential Responsibilities: Security Lifecycle Management

​The leader is responsible for embedding robust security practices from product conception through release and maintenance.

• ​Security by Design: Partner with product and engineering teams to integrate security into architecture, design, and development processes.
• ​Risk Assessment: Conduct threat modeling, security reviews, and risk assessments for new and existing products.
• ​Compliance & Documentation: Deliver product release security documents and document cybersecurity status and processes in accordance with regulations. Ensure products meet internal and external compliance requirements (HIPAA, HITRUST, SOC 2, ISO 27001).
• ​Vulnerability Management: Identify, triage, and drive remediation of vulnerabilities in applications and infrastructure.
• ​Incident Response: Support product-related security incidents and coordinate resolution.
• ​Awareness: Educate developers and product managers on secure development practices and emerging threats.

​Required and Preferred Qualifications

​The role requires a strong background in software security engineering, with a preference for healthcare domain experience.

• ​Required Experience: 5–8 years in application/product security, with a strong understanding of secure software development.
• ​Technical Proficiency: Proficiency in threat modeling and vulnerability management. Experience in security/network/system administration/development.
• ​Cloud & Containers: Familiarity with cloud platforms (AWS, Azure, GCP) and container security (Docker, Kubernetes).
• ​Preferred Domain Expertise:
  • ​Experience working in or with healthcare technology companies or digital health platforms.
  • ​Deep understanding of HIPAA, HITECH, and 21 CFR Part 11 compliance requirements.
  • ​Knowledge of PHI/PII protection and data residency concerns.
  • ​Exposure to HITRUST CSF or similar frameworks.
• ​Certifications (Plus): OSCP, CISSP, CSSLP.