Nokia
We are looking for a Product Security Lead to join our P&E Security Eng team to define and implement security strategies, policies, and standards across our product line. In this role, you will work closely with engineering, DevOps, and compliance teams to ensure security is integrated throughout the software development lifecycle (SDLC). Your expertise will help protect our product from evolving cyber threats while ensuring compliance with all Nokia best practices and security standards.
Qualifications Must Have:
Bachelor´s degree required (Masters/PhD preferred) in a technical field (Computer Science, Electrical Engineering, etc.). Any certification in security area is an asset
Minimum of 8 years of experience in software development within Telecommunications Networks, with expertise in cloud-native design.
Strong knowledge in Network Security, in design for security and privacy requirements (e.g. GDPR, etc.) and in Docker, OpenStack, Kubernetes and Containerized Applications. In addition, working knowledge on secure protocols (TLS/DTLS/SSH ), Encryption methodology, Ciphers etc.
Experience in security tools and technologies
Strong customer focus, written and oral communication skills, interpersonal/team skills and presentation skills
Familiarity with application layer risk/vulnerabilities, attacks and security principles
In depth knowledge of Unix OS and it’s security and hardening principles
Nice to have:
Ability to work across multi-national, fast-paced environment
Self-starter - able to demonstrate strong sense of business ownership and leadership
Entrepreneurial spirit and sense of personal responsibility
Responsibilities
Design, Develop, and release Security Hardening Solutions; leading the strategy and document the following technical specifications, per release:
Security Architecture Specification
Security Threat and Risk Analysis
Hardening Specification
Security Test reports
Work with the Program and Product Managers to ensure that product meets Nokia DFSEC (Design for Security) requirements.
Work with 3rd Party Auditors for supporting NESAS evaluation of the product.
Provide expert assessment on vulnerability reports using the following tools: Tenable, Anchore, Black Duck Hub, Xray and VAMS. Use the Common Vulnerability Scoring System for each of the vulnerabilities identified in the product.
Work with the R&D team to provide software patches which reduce the number of vulnerabilities within the product
Define the requirements of the product’s regression Security testing activities (port scanning, vulnerability and malware scanning, compliance testing, fuzz and flood testing, etc).
Make sure that all software components respect Nokia legal requirements.
Guide development teams in implementing secure coding practices, secure design principles, and code review processes.
#J-18808-Ljbffr
Qualifications Must Have:
Bachelor´s degree required (Masters/PhD preferred) in a technical field (Computer Science, Electrical Engineering, etc.). Any certification in security area is an asset
Minimum of 8 years of experience in software development within Telecommunications Networks, with expertise in cloud-native design.
Strong knowledge in Network Security, in design for security and privacy requirements (e.g. GDPR, etc.) and in Docker, OpenStack, Kubernetes and Containerized Applications. In addition, working knowledge on secure protocols (TLS/DTLS/SSH ), Encryption methodology, Ciphers etc.
Experience in security tools and technologies
Strong customer focus, written and oral communication skills, interpersonal/team skills and presentation skills
Familiarity with application layer risk/vulnerabilities, attacks and security principles
In depth knowledge of Unix OS and it’s security and hardening principles
Nice to have:
Ability to work across multi-national, fast-paced environment
Self-starter - able to demonstrate strong sense of business ownership and leadership
Entrepreneurial spirit and sense of personal responsibility
Responsibilities
Design, Develop, and release Security Hardening Solutions; leading the strategy and document the following technical specifications, per release:
Security Architecture Specification
Security Threat and Risk Analysis
Hardening Specification
Security Test reports
Work with the Program and Product Managers to ensure that product meets Nokia DFSEC (Design for Security) requirements.
Work with 3rd Party Auditors for supporting NESAS evaluation of the product.
Provide expert assessment on vulnerability reports using the following tools: Tenable, Anchore, Black Duck Hub, Xray and VAMS. Use the Common Vulnerability Scoring System for each of the vulnerabilities identified in the product.
Work with the R&D team to provide software patches which reduce the number of vulnerabilities within the product
Define the requirements of the product’s regression Security testing activities (port scanning, vulnerability and malware scanning, compliance testing, fuzz and flood testing, etc).
Make sure that all software components respect Nokia legal requirements.
Guide development teams in implementing secure coding practices, secure design principles, and code review processes.
#J-18808-Ljbffr