AppSec Jobs
← Back to all jobs

Baker Hughes

Lead Application Security Engineer

Mumbai Metropolitan RegionPosted 2 weeks agoWebsite
Apply on LinkedIn →

About This Role

Lead Application Security Engineer position available in multiple Indian locations including Pune, Gurgaon, Bangalore, Mumbai, and Hyderabad. Full-time role in Digital Technology category. Job ID: R164323.

About Baker Hughes

Baker Hughes is a global energy technology company that specializes in oilfield services, products, and digital solutions for the oil and gas industry. Established in 1987 through the merger of Hughes Tool Company and Baker Oil Tools, the company has a rich history of innovation, including the invention of the roller cutter drill bit and advancements in drilling techniques. Co-headquartered in Houston, Texas, and London, UK, Baker Hughes operates in nine regions and 23 geomarkets worldwide. The company offers a comprehensive range of services and products that cover the entire oil and gas value chain. This includes advanced drilling services and tools, well completions, artificial lift systems, drilling fluids, measurement while drilling, seismic exploration, and digital solutions. Baker Hughes has also expanded its capabilities through strategic acquisitions of specialized firms, enhancing its offerings in drilling, completions, and reservoir services. Baker Hughes serves a diverse customer base in the oil and gas sector, including exploration and production companies, national oil companies, and independent operators. The company focuses on delivering tailored solutions that meet specific project needs, emphasizing reliability and practical technology application.

Employees

57,000

11210 engineers

Revenue

$28B

Website

Visit →

Security at Baker Hughes

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Baker Hughes treats Application Security as a named capability within its broader cybersecurity service offerings and supplier/product security requirements.
  • Public materials position AppSec as part of a defense-in-depth, end-to-end cyber services portfolio that integrates application-focused controls with endpoint, patching, detection (SIEM), and backup/restore capabilities.
  • Baker Hughes emphasizes secure design, secure coding, risk-based testing/remediation, and supplier accountability for vulnerability management and timely reporting.

Security Team

  • No public bakerhughes.com page located in this review discloses an internal Application Security team headcount, org-chart, or named AppSec leadership.
  • Baker Hughes does publish and recruit cybersecurity roles within its Digital Technology organization (examples: Senior Cloud Security Engineer.
  • Senior Cybersecurity Event Triage Analyst), indicating staffed cybersecurity functions, but no explicit AppSec team structure or size was found in the reviewed materials.

Key Initiatives

  • Documented initiatives and requirements visible in public materials include: mandatory secure software development practices for suppliers (security design review, secure coding, risk-based testing/remediation).
  • Supplier vulnerability management plans and a requirement to notify Baker Hughes of potential vulnerabilities within five business days.
  • Mandated security and privacy training (including secure-coding training) for development staff and role-based training for personnel with access to Baker Hughes information.
  • Operational Cyber Asset Protection (CAP) services for customers (patch management, antivirus/HIPS, program documentation).
  • Periodic testing/assessments (vulnerability scans, SOC 2) and alignment with compliance frameworks (NIST, IEC 62443, NERC CIP).

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.

Interested in this role?

Apply on LinkedIn