Product Security Lead

In CNS P&E Security Eng, AI, machine learning, the Internet of Things, Cyber Security and Cloud are at the heart of our portfolio. We help create the secure, ultra-connected world in which we live and develop innovative solutions for 5G, smart cities, autonomous cars, health services, public safety, and smart utilities.

Come and join our team to ensure that this connected world will be safe, secure and respectful of our privacy.

We are looking for a Product Security Lead to join our P&E Security Eng team, to ensure that our products comply with all Nokia best practices and security standards, and to be the trusted security partner of Nokia customers and security professionals.

Required Minimum Qualifications: (Education, Technical Skills/Knowledge)

• Bachelor´s degree required (Masters/PhD preferred) in a technical field (CS, EE, etc.)
• Minimum of 10 years of industry experience
• Knowledge in design for security and security & privacy requirements (e.g. GDPR, etc.)
• Strong knowledge in Docker, OpenStack, Kubernetes, Helm, Containerized Applications, Microservices.
• Strong knowledge in Network Security
• Experience in security tools and technologies
• Experience with cryptography: symmetric, asymmetric, PKI, AES, RSA, ECC, ECDH
• Solid presentation skills. Ability to engage the hands-on technical experts.
• Strong customer focus.
• Strong written and oral communication skills
• Excellent interpersonal/team skills
• Fluent in oral and written English.
• Any certifications in security area are an asset

Desired Qualifications: (Education, Technical Skills/Knowledge)

• Demonstrable skill in several programming languages: e.g. Java, C/C++, Javascript, PHP, python, perl
• Experience with source control & loadbuild tools: e.g. git, gerrit, Jenkins
• Ability to work across multi-national matrix organisation
• Self-starter - able to demonstrate strong sense of business ownership and leadership
• Team Player - able to communicate effectively across Practices and Customer Teams
• Entrepreneurial spirit and sense of personal responsibility
• Desire to learn new skills and new technologies
• Willingness and ability to work in a fast-paced environment
• High level of self-motivation and maturity

Responsibilities

• Design, Develop, and release Security Hardening Solutions; leading the strategy and document the following technical specifications, per release:
• Security Architecture Specification
• Security Threat and Risk Analysis
• Hardening Specification
• Security Test reports
• Recommend improvements to existing software programs as necessary.
• Work with the Program and Product Managers in meeting with all the DFSEC requirements for Release Management and ensure that products meet Nokia DFSEC (Design for Security) requirements.
• Work with the PLM’s in supporting Customer facing Security Issues.
• Work with 3rd Party Auditors in support of NESAS evaluation of the P&E Security products.
• Perform daily software vulnerability assessments using the following tools: Nessus, Anchor, and Black Duck. Use the Common Vulnerability Scoring System for each of the vulnerabilities identified in the product(s).
• Lead efforts in (e.g. NESAS) certification of system.
• Make sure that all software components respect Nokia legal requirements.
• Automate as much as possible Product Security work items.
• Manage a Unified Product Security Lead Laboratory.
• Closely work with Nokia Common Software Foundation team in order to resolve existing vulnerabilities and security issues.
• Work with the R&D team to provide software patches which reduce the number of vulnerabilities within a product(s).
• Work independently with minimal supervision and multi-task effectively.
• Demonstrate a strong sense of business ownership and leadership.