NI is looking for an experienced cybersecurity professional to fill the role of Product Security Manager to support release compliance assessments of Fixed Networks Products. In this role you will support various NI business functions, including Product R&D, Services, Customer Teams and Regional Business Centers (RBCs), to drive enhancement of and/or compliance with security & privacy requirements in different aspects of the NI business, and evaluate the effectiveness of implemented security controls to mitigate, reduce, or eliminate risks related to Security & Privacy.
Knowledge of product security engineering and experience in security compliance assessment are prerequisites for this job. Nokia DFSEC is based on both proactive and reactive security engineering. This includes understanding how to translate security control sets into implementation requirements. An understanding of software engineering and programming is a fundamental requirement for this role, because NI products, services and solutions are software based and product security begins with understanding design aspects that can introduce security risks. Candidates should have knowledge and experience in conducting product security risk assessments, including use of threat and risk modelling and Privacy Impact Assessments, using techniques and tools to successfully coach teams to identify gaps and develop risk treatment plans or development roadmaps to address the issues identified.
Experience in performing security vulnerability scanner-based product security assessments, and in analysis and remediation planning of findings, is required. Knowledge of the use of the DFSEC Compliance Tool and the Vulnerability Assessment and Management System tools are desired skill sets for this job.
This role will require knowledge of application security engineering and testing, secure software development practices and broad knowledge of application and network vulnerabilities, including how attacker types exploit them. Configuring and running various types of security test tools (e.g., Threat Modeler, SAST, DAST, Fuzz, Vulnerability, Security Hardening tool types), generating reports, communicating findings with development teams and negotiating remediation of issues are key components of the role.
You play a key role in promoting Nokia standards and guidance for applying the Nokia DFSEC process, and collaborate with other Nokia security teams on continual improvement of these standards and guidance to build a stronger security culture across NI.
As a senior engineer you will help define and build NI security expertise, including NI-specific security standards, guidelines and standard operating procedures, and execute the targets of the security program across NI. You will be a source of coaching and mentoring for security expertise within NI and Nokia. Additionally, the PSM will support the greater Nokia Pegasus Product Security Improvement program by representing and supporting NI interests in cross-business security improvement initiatives.
You have:
Bachelor's degree in Computer Science or related degree
5+ years of experience in product security compliance roles
Technical proficiency with secure product development skills
Experience applying security engineering in an agile development environment
Experience providing security assurance support to engineering and product management teams
Ability to analyze and solve complex
Software development background and proficiency in scripting languages
Demonstrated good oral and written communication skills
Demonstrated ability to work and collaborate within globally distributed development teams
Ability to enhance team learning environment with coaching and mentoring

It would be nice if you also had:
Knowledge and experience with Nokia DFSEC Compliance Tool and Nokia Vulnerability Assessment and Management System tools
Knowledge of security requirements for cloud native and containerized products
Knowledge of securing web applications, mobile applications and network elements
Expertise in Microsoft Office Suite of team collaboration tools including Microsoft Outlook, Excel, Word, PowerPoint, SharePoint, Teams and OneNote
Experience with Atlassian JIRA and Confluence tools
Experience with left-shift of security testing into Continuous Integration/Continuous Deployment (CI/CD) environments
Experience conducting secure code reviews
Knowledge of the European General Data Protection Regulation (GDPR), China CyberSecurity Law (CSL) and other global legal/regulatory requirements around security & privacy would also be an asset.

Desired Industry Certifications:
(ISC)² Certified Information Systems Security Professional (CISSP)
EC-Council, Certified Application Security Engineer (CASE)

Benefits
We provide a comprehensive private life and medical insurance plan to safeguard your well-being and that of your family.
As part of our commitment to your health, we offer an annual medical check-up program.
We offer a pension plan to help you plan for your future and ensure financial security after retirement.
Enjoy the convenience of a ticket restaurant e-card, which can be used at various restaurants and eateries according to our policy (currently at €120 monthly).
You will be provided with a company mobile device and subscription to stay connected and efficient in your work.
We offer company bus transportation to facilitate your daily commute to and from work.
Benefit from flexible working hours and the option to work in a hybrid or remote mode, providing a better work-life balance.
Receive a one-time payment of €350 as cash support for hybrid or remote mode arrangements.
Take advantage of our Personal Support Service, which provides confidential and professional support and guidance on a range of emotional, practical, and work-life topics.
Participate in Nokia's voluntary employee share purchase plan, allowing you to share in the company's success.
Our Employee Recognition program, "Everyday Excellence," acknowledges and rewards outstanding contributions. You can redeem awards through our online store.
Earn a generous referral bonus of €2.000, one of the highest in the market, for referring qualified candidates to join our team.
Enjoy 90 calendar days of paid leave for the arrival of a new child.
Engage in social clubs and cultural activities organized by the company to foster a sense of community and well-being.
E-Learning Platforms: Access renowned e-learning platforms such as NokiaEDU, Harvard ManageMentor, and LinkedIn Learning for technical training and personal development.

Act as a Subject Matter Expert (SME) on key software security engineering topics
Increase security awareness in the NI business units
Drive adoption of the Nokia CREATE and DFSEC processes across NI business units
Influence product roadmaps to include relevant security and privacy features
Working with software designers, developers, project managers, DevOps, and testers, to review, assist and recommend changes and solutions to address the security of web, cloud-based and mobile solutions
Conducting security assessments using industry-standard tools and techniques
Lead security reviews in NI Quality product development lifecycle milestone meetings
Analyzing and assisting in the secure testing of applications and network infrastructure
Reviewing and explaining vulnerability assessment and penetration test report findings to key stakeholders
Producing reports to demonstrate assessment coverage and remediation effectiveness, and working with the product engineers and software teams to ensure corrective actions are implemented
Supporting engineering teams securing software and platforms
Ensure that Nokia DFSEC and Security Vulnerability Monitoring (SVM) processes are being implemented
Continuously contribute to improving the NI security maturity, Nokia product security policies, processes, standards, requirements and guidelines
Provide support to incident response management teams
Coaching and mentoring NI security team members
Support NI Incident Response activities (Security & Privacy)
Be a key point of contact for Customer Security requests
Support the NI business in ISO 27001 Certification efforts through program coordination or site SPoC leadership.
Be a subject matter expert (SME) for Security & Privacy to all aspects of the NI business related to different global Legal & Regulatory compliance requirements (e.g., GDPR, NIST, CCPA, ANSSI, CSL etc.)