5G Core Product Security Lead

Job Description

We are looking for a Product Security Lead to join our P&E Security Eng team to define and implement security strategies, policies, and standards across our product line. In this role, you will work closely with engineering, DevOps, and compliance teams to ensure security is integrated throughout the software development lifecycle (SDLC). Your expertise will help protect our product from evolving cyber threats while ensuring compliance with all Nokia best practices and security standards.

How You Will Contribute And What You Will Learn

• Design, Develop, and release Security Hardening Solutions; leading the strategy and document the following technical specifications, per release:
• Security Architecture Specification
• Security Threat and Risk Analysis
• Hardening Specification
• Security Test reports
• Work with the Program and Product Managers to ensure that product meets Nokia DFSEC (Design for Security) requirements.
• Work with 3rd Party Auditors for supporting NESAS evaluation of the product.
• Provide expert assessment on vulnerability reports using the following tools: Tenable, Anchore, Black Duck Hub, Xray and VAMS. Use the Common Vulnerability Scoring System for each of the vulnerabilities identified in the product.
• Work with the R&D team to provide software patches which reduce the number of vulnerabilities within the product
• Define the requirements of the product’s regression Security testing activities (port scanning, vulnerability and malware scanning, compliance testing, fuzz and flood testing , etc).
• Make sure that all software components respect Nokia legal requirements.
• Guide development teams in implementing secure coding practices, secure design principles, and code review processes.
  
  

Key Skills And Experience

Must Have:

• Bachelor´s degree required (Masters/PhD preferred) in a technical field (Computer Science, Electrical Engineering, etc.). Any certification in security area is an asset
• Minimum of 8 years of experience in software developmentwithin Telecommunications Networks, with expertise in cloud-native design.
• Strong knowledge in Network Security, in design for security and privacy requirements (e.g. GDPR, etc.) and in Docker, OpenStack, Kubernetes and Containerized Applications. In addition, working knowledge on secure protocols (TLS/DTLS/SSH ), Encryption methodology, Ciphers etc.
• Experience in security tools and technologies
• Strong customer focus, written and oral communication skills, interpersonal/team skills and presentation skills
• Familiarity with application layer risk/vulnerabilities, attacks and security principles
• In depth knowledge of Unix OS and it’s security and hardening principles
  
  

Nice to have:

• Ability to work across multi-national, fast-paced environment
• Self-starter - able to demonstrate strong sense of business ownership and leadership
• Entrepreneurial spirit and sense of personal responsibility
  
  

About Us

Advancing connectivity to secure a brighter world.

Nokia is a global leader in connectivity for the AI era. With expertise across fixed, mobile and transport networks, powered by the innovation of Nokia Bell Labs, we’re advancing connectivity to secure a brighter world.

Learn more about life at Nokia .

About The Business Group

In Cloud and Network Services, as Nokia's growth engine, we create value for communication service providers and enterprise customers by leading the transition to cloud-native software and as-a-service delivery models. Our inclusive team of dreamers, doers and disruptors push the limits from impossible to possible.

Our recruitment process

We act inclusively and respect the uniqueness of people. Our employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect.

If you’re interested in this role but don’t meet every listed requirement, we still encourage you to apply. Unique backgrounds, perspectives, and experiences enrich our teams, and you may be just the right candidate for this or another opportunity.

The length of the recruitment process may vary depending on the specific role's requirements. We strive to ensure a smooth and inclusive experience for all candidates. Discover more about the recruitment process at Nokia .