Baker Hughes is looking for a Sr Staff Product Security Leader to help design and implement the next generation of secure oil and gas digital solutions. This includes providing development teams and product owners with technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.

Essential Responsibilities:
As a Sr Staff Product Security Leader, You Will
- The Sr Staff Product Security Leader works across key Baker Hughes engineering teams to implement secure design and build practices and create innovative technical solutions to security challenges.
- You will be working directly with product development teams assessing and assisting in the design, secure development, and implementation of security into solutions that interoperate from the Baker Hughes solutions out to the cloud and back again.
- You will analyze system designs and implementations from a security perspective, and uncover subtle security issues that appear under unexpected threat scenarios.
- You will determine the likelihood of loss and the appropriate mitigations based on those unexpected threats and work with the product development teams as they design, implement and deploy those mitigations.
- You will be a security evangelist providing thought leadership to the organization and helping to guide developers in secure coding practices.
- You will also assist in technical security assessments across all of Baker Hughes Digital.
- You are a security leader who thrives on addressing real-world problems and is not averse to building security tools and processes when off-the-shelf solutions just don't fit. Most importantly, you are a savvy communicator and leader that can translate security risks to business terms in an accurate and compelling manner for both technical and non-technical stakeholders.
- Oversee security for Baker Hughes Digital Solutions teams and products.
- Act as a security technical lead for development programs.
- Function as the main technical point of contact for product teams as it relates to cybersecurity and privacy, while also growing the security expertise of product teams.
- Build awareness of the importance of security in product management and technical teams.
- Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, enterprise software solutions, and mobile apps.
- Engage in application and domain-specific threat modelling and attack surface analysis and reduction.
- Lead cross-functional projects and teams in establishing security development lifecycle practices within Baker Hughes products.
- Assess and prioritize risk for legacy devices and communicate residual risk to business leaders.
- Prepare reports at appropriate levels of confidentiality for stakeholders to view.
- Support Privacy and Security incident response activities pertinent to design engineering and secure development through investigations, corrective actions, and preventive actions.
- Work directly with customers to understand their Privacy and Security concerns and requirements.
- Produce product assessment results suitable for customers.
- Respond promptly and in detail to customer queries and customer-sponsored penetration tests.
- Provide guidance on automated security testing tools and techniques.
- Perform technical security assessments across the Baker Hughes product portfolio.
- Bachelor's/Master's Degree in Computer Engineering or equivalent.
- A minimum of 14 years of industry experience, of which at least 10 years are full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)
- 3 - 5 years of experience with information security in product development
- Certification in cybersecurity (CISSP preferred)
- Experience with embedded device, enterprise solutions, and mobile app development.
- Experience with many operating systems: Enterprise Linux, Embedded Linux, Android, iOS, Windows, Windows Server, Windows Embedded
- Experience with securing configuration and communication of embedded devices
- Experience in a broad range of information security domains - security architecture, key and certificate management, security operations, fuzzing, penetration testing, SAAS/PAAS/IAAS/Cloud Security, Service-Oriented Architecture, Systems Management
- Experience with Security Development Lifecycle processes such as Threat Modelling
- Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modelling Tool, fuzzers, etc.
- Experience with NIST 800-53 and/or ISO/IEC 27000 series of security standards
- Experience with OWASP, CVSS, FIPS 140-2, and DoD RMF
- Project and program management experience.
- Organization and communication of complex information.
- An understanding of information security risk management
This is your opportunity to learn more, do more, live the career you have imagined and be part of a truly diverse organization.
Baker Hughes is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.