Senior Cyber Security Engineer (Remote Eligible, U.S.)

Job Description Summary

GE Vernova is seeking a highly skilled and experienced Senior Cyber Security Engineer to join the Product Security team focusing on the Wind portfolio of products. The engineer leads key cyber security programs, drives vulnerability remediation, develops and implements solutions, performs root cause analysis, and works hand‑on with product and engineering teams to strengthen the security posture of GE Vernova's Wind portfolio.

Job Description

Essential Responsibilities

• Lead key product cyber security programs from inception through completion, ensuring alignment with stakeholders, business priorities, regulatory requirements, and product roadmaps.
• Assess current product security posture against applicable regulatory requirements, identify gaps, and develop structured remediation plans and roadmaps.
• Lead the effort to achieve and/or maintain standards‑based certification for the product security program and/or specific Wind products.
• Manage audit preparation activities, including coordination with internal auditors and third‑party certification bodies, evidence collection, and providing responses to findings.
• Support and/or drive the development, maintenance, and usage of internal tools for product security, such as the product asset inventory, vulnerability management automation.
• Design, develop, and support OT/ICS cyber security solutions for wind farm, such as SIEM detection rules, endpoint protection (EDR/AV/application whitelisting), and network segmentation, based on customer requests, regulatory requirements, and commercial strategy.
• Design, develop, and implement cyber security solutions and controls, collaborating with cross‑functional teams, that address identified risks, vulnerabilities, and gaps across Wind’s products, systems, and processes.
• Lead root cause analysis efforts for security vulnerabilities and non‑conformities, delivering findings and actionable recommendations.
• Support incident response activities related to product security vulnerabilities.

Required Qualifications

• Bachelor’s Degree from an accredited university in Engineering, Computer Science, Cybersecurity, Information Technology, or related field. Alternative acceptable experience will be considered on a case‑by‑case basis.
• Minimum 8 years of experience in cybersecurity with at least 5 years focused on industrial control systems (ICS), operational technology (OT), or product security.
• Minimum 4 years of experience with product security regulations and standards, such as IEC 62443 series of standards or equivalent, especially implementation of said regulations/standards.

Desired Characteristics

• Experience driving preparation of a security program for cyber security audits, certifications, and/or assessment, especially those related to a product regulation.
• Demonstrated knowledge and understanding of cybersecurity tools/solutions (e.g., Firewalls, antivirus, security incident and event management systems, intrusion detection systems, intrusion prevention systems), including experience providing installation/configuration recommendations.
• Master’s degree in a relevant field.
• Cyber security certification (e.g., GICSP, CEH, CCNA, CISSP).
• Demonstrable in‑depth knowledge of how to interpret and implement product cybersecurity regulatory requirements in a product security program through policies, standards, and procedures.
• Strong understanding of operational technologies (e.g., PLCs) and protocols (e.g., Modbus, Profinet, DNP3, OPC [DA, AE, UA], IEC 61850) used in manufacturing, power generation, wind farms, SCADA systems, and other industrial environments or industrial products.
• Experience using cyber security tools (e.g., Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Cloud‑Native Application Protection Platform (CNAPP), Artificial Intelligence (AI), or other weakness / vulnerability scanning tools) to identify and track cyber security vulnerabilities.
• Experience with cloud security principles and practices.
• Ability to work independently and collaboratively as necessary with a cross‑functional team.
• Strong oral and written communication skills. Demonstrated ability to analyze and resolve problems.
• Experience responding to product cyber security vulnerabilities.

Additional Information

GE Vernova is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

No relocation assistance.