Nokia NI Product Security Manager - Fixed Networks 

Greece 

148867545

Knowledge on product security engineering and experience in security compliance assessment are prerequisites for this job. Nokia DFSEC is based on both proactive and reactive security engineering. This includes understanding how to translate security controls sets into implementation requirements. An understanding of software engineering and programming is a fundamental requirement for this role, because NI products, services and solutions are software based and product security begins with understanding design aspects that can introduce security risks. Candidates should have knowledge and experience in conducting product security risk assessment, including use of threat and risk modelling and Privacy Impact Assessments using techniques and tools to successfully coaching teams to identify gaps, develop risk treatment plans or development roadmaps to address issues identified.

Experience in performing security vulnerability scanner-based product security assessments and analysis and remediation planning of findings is required. Knowledge on the use of the DFSEC Compliance Tool and the Vulnerability Assessment and Management System tools are desired skills sets for this job.

This role will require knowledge of application security engineering and testing, secure software development practices and broad knowledge of application and network vulnerabilities, including how attacker types exploit them. Configuring and running various types of security test tools (EG, Threat Modeler, SAST, DAST, Fuzz, Vulnerability, Security Hardening tool types), generating reports, communicating findings with development teams and negotiating remediation of issues are key components of the role.

As a senior engineer you will help define and build NI security expertise, including NI specific security standards, guidelines and standard operating procedures and execute the targets of the security program across NI. You will be a source of coaching and mentoring for security expertise within NI and Nokia. Additionally the PSM will support the greater Nokia Pegasus Product Security Improvement program by representing and support NI interests in cross business security improvement initiatives.

• Act as a Subject Matter Expert (SME) on key software security engineering topics
• To increase security awareness in the NI business units
• Drive adoption of the Nokia CREATE and DFSEC processes across NI business units
• Influence product roadmaps to include relevant security and privacy features
• Working with software designers, developers, project managers, DevOps, and testers, to review, assist and recommend changes and solutions to address the security of web, cloud-based and mobile solutions
• Conducting security assessments using industry-standard tools and techniques
• Lead security reviews in NI Quality product development lifecycle milestone meetings
• Analyzing and assisting in the secure testing of applications and network infrastructure
• Reviewing and explaining vulnerability assessment and penetration test report findings to key stakeholders
• Producing reports to demonstrate assessment coverage and remediation effectiveness, and working with the product engineers and software teams to ensure corrective actions are implemented
• Supporting engineering teams securing software and platforms
• Ensure that Nokia DFSEC and Security Vulnerability Monitoring (SVM) processes are being implemented
• Continuous contribute to improving the NI security maturity, Nokia product security policies, processes, standards, requirements and guidelines
• Provide support to incident response management teams
• Coaching and mentoring NI security team member
• Support NI Incident Response activities (Security & Privacy)
• Be a key point of contact for Customer Security requests
• Support the NI business in ISO 27001 Certification efforts through program coordination or site SPoC leadership.
• Be a subject matter expert (SME) for Security & Privacy to all aspects of the NI business related to different global Legal & Regulatory compliance requirements (e.g., GDPR, NIST, CCPA, ANSSI, CSL etc.)

You have:

• Bachelors Degree in Computer Science or related degree
• 5+ years of experience in product security compliance roles
• Technical proficiency with secure product development skills
• Experience applying security engineering in an agile development environment
• Experience providing security assurance support to engineering and product management teams
• Ability to analyze and solve complex
• Software development background and proficiency in scripting languages
• Demonstrated, good oral and written communication skills
• Demonstrated ability to work and collaborate within globally distributed development teams
• Ability to enhance team learning environment with coaching and mentoring

It would be nice if you also had:

• Knowledge and experience with Nokia DFSEC Compliance Tool and Nokia Vulnerability Assessment and Management System tools
• Knowledge of security requirements for cloud native and containerized products
• Knowledge of securing web applications, mobile applications and network elements
• Expertise in Microsoft Office Suite of team collaboration tools including Microsoft Outlook, Excel, Word, PowerPoint, SharePoint, Teams and OneNote
• Experience with Atlassian JIRA and Confluence tools
• Experience with left-shift of security testing into Continuous Integration/Continuous Deployment (CI/CD) environments
• Experience conducting secure code reviews
• Knowledge of the European General Data Protection Regulation (GDPR), China CyberSecurity Law (CSL) and other global legal/regulatory requirements around security & privacy would also be an asset.

Desired Industry Certifications:

• (ISC)2 Certified Information Systems Security Professional (CISSP)
• EC-Council, Certified Application Security Engineer (CASE)

Benefits

• We provide a comprehensive private life and medical insurance plan to safeguard your well-being and that of your family.
• As part of our commitment to your health, we offer an annual medical check-up program.
• We offer a pension plan to help you plan for your future and ensure financial security after retirement.
• Enjoy the convenience of a ticket restaurant e-card, which can be used at various restaurants and eateries according to our policy (currently at €120 monthly)
• You will be provided with a company mobile device and subscription to stay connected and efficient in your work.
• We offer company bus transportation to facilitate your daily commute to and from work.
• Benefit from flexible working hours and the option to work in a hybrid or remote mode, providing a better work-life balance.
• Receive a one-time payment of €350 as cash support for hybrid or remote mode arrangements.
• Take advantage of our Personal Support Service, which provides confidential and professional support and guidance on a range of emotional, practical, and work-life topics.
• Participate in Nokia's voluntary employee share purchase plan, allowing you to share in the company's success.
• Our Employee Recognition program, "Everyday Excellence," acknowledges and rewards outstanding contributions. You can redeem awards through our online store.
• Earn a generous referral bonus of €2.000, one of the highest in the market, for referring qualified candidates to join our team.
• Enjoy 90 calendar days of paid leave for the arrival of a new child.
• Engage in social clubs and cultural activities organized by the company to foster a sense of community and well-being.
• E-Learning Platforms: Access renowned e-learning platforms such as NokiaEDU, Harvard ManageMentor, and LinkedIn Learning for technical training and personal development.

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark