Product Security Lead

In CNS P&E Security Eng, AI, machine learning, the Internet of Things, Cyber Security and Cloud are at the heart of our portfolio. We help create the secure, ultra-connected world in which we live and develop innovative solutions for 5G, smart cities, autonomous cars, health services, public safety, and smart utilities.

Come and join our team to ensure that this connected world will be safe, secure and respectful of our privacy.

We are looking for a Product Security Lead to join our P&E Security Eng team, to ensure that our products comply with all Nokia best practices and security standards, and to be the trusted security partner of Nokia customers and security professionals.

 

HOW YOU WILL CONTRIBUTE AND WHAT YOU WILL LEARN

• Design, Develop, and release Security Hardening Solutions; leading the strategy and document the following technical specifications, per release:
  • Security Architecture Specification
  • Security Threat and Risk Analysis
  • Hardening Specification
  • Security Test reports
• Recommend improvements to existing software programs as necessary.
• Work with the Program and Product Managers in meeting with all the DFSEC requirements for Release Management and ensure that products meet Nokia DFSEC (Design for Security) requirements.
• Work with the PLM’s in supporting Customer facing Security Issues.
• Work with 3rd Party Auditors in support of NESAS evaluation of the P&E Security products. 
• Perform daily software vulnerability assessments using the following tools: Nessus, Anchor, and Black Duck... Use the Common Vulnerability Scoring System for each of the vulnerabilities identified in the product(s).
• Lead efforts in (e.g. NESAS) certification of system.
• Make sure that all software components respect Nokia legal requirements.
• Automate as much as possible Product Security work items.
• Manage a Unified Product Security Lead Laboratory.
• Closely work with Nokia Common Software Foundation team in order to resolve existing vulnerabilities and security issues. 
• Work with the R&D team to provide software patches which reduce the number of vulnerabilities within a product(s).
• Work independently with minimal supervision and multi-task effectively.
• Demonstrate a strong sense of business ownership and leadership.
  
   

Required Minimum Qualifications: (Education, Technical Skills/Knowledge)  

• Bachelor´s degree required (Masters/PhD preferred) in a technical field (CS, EE, etc.)
• Minimum of 10 years of industry experience
• Knowledge in design for security and security & privacy requirements (e.g. GDPR, etc.)
• Strong knowledge in Docker, OpenStack, Kubernetes, Helm, Containerized Applications, Microservices.
• Strong knowledge in Network Security
• Experience in security tools and technologies
• Experience with cryptography: symmetric, asymmetric, PKI, AES, RSA, ECC, ECDH
• Solid presentation skills. Ability to engage the hands-on technical experts. 
• Strong customer focus.
• Strong written and oral communication skills
• Excellent interpersonal/team skills
• Fluent in oral and written English.
• Any certifications in security area are an asset

Desired Qualifications: (Education, Technical Skills/Knowledge)

• Demonstrable skill in several programming languages: e.g. Java, C/C++, Javascript, PHP, python, perl
• Experience with source control & loadbuild tools: e.g. git, gerrit, Jenkins
• Ability to work across multi-national matrix organisation
• Self-starter - able to demonstrate strong sense of business ownership and leadership
• Team Player - able to communicate effectively across Practices and Customer Teams
• Entrepreneurial spirit and sense of personal responsibility
• Desire to learn new skills and new technologies
• Willingness and ability to work in a fast-paced environment
• High level of self-motivation and maturity
  
   

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer
 
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect.
Join us and be part of a company where you will feel included and empowered to succeed.

Additional Information

US/Canada Nokia Offers a comprehensive benefits package that includes but is not limited to:

• Corporate Retirement Savings Plan
• Health and dental benefits
• Short-term disability, and long-term disability
• Life insurance, and AD&D – Company paid 2x base pay
• Optional or Supplemental life and AD&D insurance (Employee/Spouse/Child)
• Paid time off for holidays and Vacation
• Employee Stock Purchase Plan
• Tuition Assistance Plan
• Adoption assistance
• Employee Assistance Program/Work Life Resource Program

The above benefits exclude students.

Disclaimer for US/Canada

Nokia Maintains broad annual base salary ranges for its roles in order to account for variations in knowledge, skills, experience and market conditions, and with consideration to internal peer equity.(Check the salary ranges in the job info section for this role)

All North America job posts will post for a minimum of 7 calendar days and up to 180 days or until candidate/s identified.