5G Core Product Security Lead

We are looking for a Product Security Lead to join our P&E Security Eng team to define and implement security strategies, policies, and standards across our product line. In this role, you will work closely with engineering, Dev Ops, and compliance teams to ensure security is integrated throughout the software development lifecycle (SDLC). Your expertise will help protect our product from evolving cyber threats while ensuring compliance with all Nokia best practices and security standards.

Must Have:

• Bachelor´s degree required (Masters/PhD preferred) in a technical field (Computer Science, Electrical Engineering, etc.). Any certification in security area is an asset
• Minimum of 8 years of experience in software development within Telecommunications Networks, with expertise in cloud-native design.
• Strong knowledge in Network Security, in design for security and privacy requirements (e.g. GDPR, etc.) and in Docker, Open Stack, Kubernetes and Containerized Applications. In addition, working knowledge on secure protocols (TLS/DTLS/SSH ), Encryption methodology, Ciphers etc.
• Experience in security tools and technologies
• Strong customer focus, written and oral communication skills, interpersonal/team skills and presentation skills
• Familiarity with application layer risk/vulnerabilities, attacks and security principles
• In depth knowledge of Unix OS and it’s security and hardening principles

Nice to have:

• Ability to work across multi-national, fast-paced environment
• Self-starter - able to demonstrate strong sense of business ownership and leadership
• Entrepreneurial spirit and sense of personal responsibility

• Design, Develop, and release Security Hardening Solutions; leading the strategy and document the following technical specifications, per release:
  • Security Architecture Specification
  • Security Threat and Risk Analysis
  • Hardening Specification
  • Security Test reports
• Work with the Program and Product Managers to ensure that product meets Nokia DFSEC (Design for Security) requirements.
• Work with 3rd Party Auditors for supporting NESAS evaluation of the product.
• Provide expert assessment on vulnerability reports using the following tools:
  Tenable, Anchore, Black Duck Hub, Xray and VAMS. Use the Common Vulnerability Scoring System for each of the vulnerabilities identified in the product.
• Work with the R&D team to provide software patches which reduce the number of vulnerabilities within the product
• Define the requirements of the product’s regression Security testing activities (port scanning, vulnerability and malware scanning, compliance testing, fuzz and flood testing, etc).
• Make sure that all software components respect Nokia legal requirements.
• Guide development teams in implementing secure coding practices, secure design principles, and code review processes.