Thanks for your interest in the Security Assurance Specialist, NSW position.
Unfortunately this position has been closed but you can search our 6 open jobs by
About Nokia
At Nokia we create the technology to connect the world. Developing and delivering the industry's only end-to-end portfolio of network equipment, software, services and licensing that is available globally. Through our research teams, including the world-renowned Nokia Bell Labs, Nokia is leading the world to adopt end-to-end 5G networks that are faster, more secure and capable of revolutionizing lives, economies and societies. Nokia adheres to the highest ethical business standards as we create technology with social purpose, quality and integrity. A truly global company, we are 160 nationalities working in more than 100 countries.
About Nokia Software
Nokia Software is the leading solutions provider in the telecoms software market helping to drive large-scale service and network operations automation and digital business transformation in support of customer migrations to 5G. Built on Nokia’s cloud-native Common Software Foundation (CSF), Nokia’s multi-vendor and multi-network software solutions enrich and secure user experiences; automate operations and infrastructure; and enable new revenue streams and cost efficiencies.
Job Description:
An experienced cybersecurity professional to fill the role of Security Assurance Specialist. In this role you will support NSW teams in their efforts to create secure software by collaborating with them and key stakeholders by applying your security expertise, performing security testing to identify defects and other vulnerabilities, analyzing security test results and making recommendations for remediating solutions. Nokia customer teams will request your support in resolving and timely responding to customer security related cases. The NSW Security Team will expect you to contribute to the annual program planning and road mapping. As security certification requirements emerge, you will be expected to support NSW stakeholders on planning for and carrying out security certification activities, which can include hands-on testing and results analysis and remediation. As NSW encounters security events that require incident response management, you may become a contributing member of the NSW response team. Other Nokia business group security teams and stakeholders will expect you to network with them and provide coaching and mentoring, as well as collaboration to build the security culture and maturity within Nokia.
Your experience will be needed with assuring the Nokia security vulnerability management (SVM) process is followed by NSW teams. You will collaborate with key teams in the use of SVM tools to resolve related issues and meet their SVM key performance indicators (KPIs).
A background in software development is strongly desired to allow you to collaborate and lead efforts to turn secure test cases into code (Everything as Code – EAC) and introduce innovative ways to automate security testing across the product development lifecycle (PDLC).
This role will require knowledge of security testing, secure software development practices and broad knowledge of application and network security vulnerabilities and how to identify and mitigate them. Configuring, running various testing tools, generating reports, communicating with development teams and negotiating remediation of issues are key components of the role.
You will help to promote and apply Nokia standards and guidance for Design for Security (DFSEC) process, tools and collaborate with Nokia Health/Safety/Security/Environment team on continual improvement to these standards and guidelines.
As an experienced engineer you will help define and build NSW security expertise, including NSW specific security standards, guidelines and standard operating procedures and execute the targets of the security program across NSW. You will be a source of coaching and mentoring for security expertise within NSW and Nokia.
Job Responsibilities & Competencies- Support customer teams managing customer security cases by leveraging security assurance expertise and NSW engineering stakeholders, leading to timely case resolution
- Work with NSW architects, engineers, project managers and program managers to review, analyze and agree on recommended remedies to open security issues
- Conduct and participate in security threat and risk assessments
- Install, configure and operate security test tools, as well as analyze and recommend remediations to identified security test findings
- Produce summary test reports with scheduled remediations from outputs of security test tools
- Collaborate with NSW DevOps teams to create roadmaps evolving into a DevSecOps
- Organize and facilitate continuous security testing virtual team meetings with NSW stakeholders
- Contribute to annual NSW Security Program planning and roadmaps
- Support NSW engineering and product management teams to secure their products, solutions and services
- Provide support to Nokia incident response management teams
- Coach and mentor NSW stakeholders on information and product security skill building
Required minimum Qualifications:- Bachelor’s degree in computer science or related degree program10 years of experience in information and product security
- Demonstrated experience in security testing, vulnerability testing, secure hardening testing (Coverity, SonarQube, Tenable.sc, Anchore, NMAP, CAT Pro, OpenScap)
- Proficiency with secure code, vulnerability, hardening test tools and analysis of their reports
- Proficiency coding scripting languages (Python, PHP)
- Proficiency writing security test cases as code (Python, Gherkin)
- Experience creating security testing using ATDD, BBD frameworks (Robot, Cucumber)
- Experience with creating automated configuration verification scripts (Ansible)
- Experience providing security assurance support to engineering and product management teams
- Software development background including coding and testing
- Excellent oral and written communication skills
- Team player able to engage and collaborate with stakeholder network
- Demonstrated ability to successfully work and collaborate within global distributed teams
- Ability to enhance team learning environment with coaching and mentoring
Certification
- ISC2 Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
Imagine creating technology that has the potential to change the world. Working with us, you will have a positive impact on people’s lives and help to overcome some of the world’s most pressing challenges. We act inclusively and respect the uniqueness of people. At Nokia, employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics