Roles and Responsibilities
- Act as a security technical lead for Baker Hughes product development programs.
- You will provide guidance to Product Development teams across the whole Secure Development Lifecycle (SDL), conveying risk management culture, assisting in software security design reviews, verification, and deployment.
- Technically contribute to key SDL activities (e.g. Threat modeling, Static/Dynamic Analysis Security assessments, Pen testing etc.) on most critical products and architectural frameworks
- Collaborate with relevant teams to drive adoption of existing technologies, approaches, tools, methodologies to support secure design new products, systems or processes. Viewed internally and externally as a specialist in the discipline.
- Provide subject matter expertise on secure coding/verification and practices.
- Work with Engineering teams to ensure risks are promptly identified as well as relevant remediation plans
- Support high priority projects to clarify and respond to identified security risks
- Presents projects plans, technical roadmaps, risks and recommendations to business teams and leaders within technical space
- Communicates solutions across the own function and with cross-functional partner organizations.
- Bachelor's Degree in Computer Science, Engineering or other relevant technical / IT field, OR a minimum 9 years of relevant Technical/Engineering/Software Development field
- Experience of application security and vulnerability management in secure deployment on mobile devices and cloud environments
- Experience with main security design/testing tools (Nessus, Burp, TMT, or equivalent)
- Software development experience with modern frameworks such as .NET, Java, C++, NodeJS, etc.
- Experience with securing mobile apps (IOS and Android)
- Experience with cloud services platform (AWS, Azure etc.)
- Experience with securing IIOT environments
- Working knowledge of application technologies and platforms, including web applications and services
- Deep understanding of software development life cycle and CI/CD processes
- Excellent understanding of software design architectures and frameworks, application layer risks, attacks security principles and techniques, and frameworks such as OWASP
- Experience with secure end to end architectures, PKI cloud based solutions, identity and access management protocols (OAuth 2.0 etc.), application security, encryption technologies, database and web technologies
- Good teamwork and communication skills (both written and verbal) with all levels of an organization
- Highest level of integrity and professionalism
- Experience with Baker Hughes product lines and solutions
- Knowledge of relevant industry standards and best practices (OWASP, NIST CSF, BSIMM)
- Willing to stay updated and be hands-on in technical and fast-evolving technology areas
- Knowledge of secure application development techniques, security threats and mitigations
- Knowledge of mobile technologies security threats and mitigations
- Pen testing, Cloud security, mobile security certifications (e.g. OSCP, CCSP etc.)
- Exposure to Industrial Control Systems security
- Ability to work well in a dynamic fast-paced team environment, building credibility
- Ability to think "outside the box" when developing solutions and creating value
- Resourceful and quick learner; able to efficiently seek out, learn, & apply new areas of expertise as needed
Baker Hughes Company is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.