Senior Product Security Analyst

Responsibilities, authorities and accountabilities

We are seeking a highly skilled and experienced Senior Product Security Analyst to join our growing security team. In this role, you will be responsible for ensuring the security of our products throughout the development lifecycle. You will work closely with engineering, product management, and DevOps teams to identify, assess, and mitigate security risks in our applications and services.

In this role, you will:

• Be responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure.
• Work with Cyber Security Leaders and SMEs to understand security requirements
• Perform penetration testing
• Collaborate with product and engineering teams to integrate security into the software development lifecycle (SDLC).
• Conduct threat modeling, design reviews, and code reviews to identify and mitigate security vulnerabilities.
• Perform static and dynamic application security testing (SAST/DAST), and manage results and remediation efforts.
• Lead security assessments of new and existing products, including third-party components and APIs.
• Develop and maintain secure coding guidelines and best practices.
• Support incident response and forensic investigations related to product security.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Assist security champions in completing Threat Modeling and Architecture Risk Analysis on product features
• Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project
• Understand application security methodologies and frameworks
• Leverage Baker Hughes Digital’s tailored Secure SDL practice into specific engineering engagements
• Research new application security technologies and implement them to improve application security.
• Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
• Promote best practices based on OWASP, SANS Top 25, and the Baker Hughes Digital SDL.

Required Qualifications

• Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math). A minimum 2 years of professional experience in STEM related degree, Political Science/Government/International Affairs.

Desired Characteristics

• Detailed working knowledge of two modern programming languages, such as java, python, or ruby
• Strong written and oral communication skills and successful security consulting background.
• At least 2 years of security consulting involvement with development team(s) that delivered software-based services
• Experience in developing secure applications
• A high energy and a result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down
• Experience with Security Development Lifecycle processes
• Contribute to and lead discussions and communications within the team and outside, including customers and other business units
• Strong knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles
• Experience with penetration testing tools, ability to replicate security defects uncovered by groups such as red team
• Good understanding of security tools and technologies to facilitate secure development