Product Security Lead - Core SaaS

Family Description

Applied R&D (AR) consists of target-oriented research either with the goal of solving a particular problem / answering a specific question or for multi-discipline design, development, and implementation of hardware, software, and systems including maintenance support. Supplies techno-economic consulting to clients. AR work is characterised by its detailed and complex nature in order to systematically combine existing knowledge and practices to further developing and incrementally improving products, operational processes, and customer-specific feature development.

Subfamily Description

Integration, Verification & Testing (IVT) comprises the integration of SW and / or HW or system components into system, platform, product releases, or networks and verifies the integrated entity or network against particular requirements and specifications. Covers setup and maintenance of laboratory and associated equipment, tools, and devices.

 

The team you’ll be part of

The positions belongs to Nokia Core Networks unit, and inside that to the Technology and Platforms (T&P) team.
T&P’s Automation R&D is providing solutions and tools for efficient delivery of Nokia’s 5G-, Cloud Native Core product portfolio around the globe, including SaaS deliveries. For these deliveries, we are automating dimensioning, configuration, artefact creation activities, as well as design documentation generation (HLD, LLD). The tooling, is being used by the Nokia Services teams, via which we ensure speedy and efficient deployment of 5G core networks at the Operators and at the Enterprise customers. 
 

The position itself is about to act as the Product Security Lead for the Core SaaS Solution.

Security for the Core SaaS is critical, since we are not only responsible for the typical SW development related security topics, but have to consider deploymet related topics in a public cloud environment as well.

As a Core SaaS security PSL, on is responsible to 

Ensure proper execution of Design for Security & Privacy guideline for SaaS. This covers multiple aspects such as:

- for SaaS deliverables interpret and apply DfSec guidelines

- for the member products in the SaaS Services, monitor and track the DfSec execution status, together with the own PSLs of those products

- proactively extend and tune DfSec dictated requirements for solution/system type of products, having multiple standalone products included.

Act as SPOC for SaaS SVM:

SaaS is built from multiple individual products running their own SVM processes. SaaS PSL is expected to run and coordinate the SVM process for the combination of those member products by coordinating and making their products specific responses (analysis results, mitigation plans, scheduling) convergent. For the own deliverables of SaaS SVM to be applied as described in DfSec.

Improve and create best practices and security guidelines for pubic cloud based deployments.

Ensure proper planning and execution of system level hardening for Core SaaS, including both the infrastructure layer and the business logic layer.

Support SaaS RfX and certification type of customer requests. This requires the coordination of member product level responses, and also to add system level aspects, especially in the area of zero trust philosophy 

• Understanding of the SaaS model; experience in this area is a plus.
• Familiarity with design principles for security and privacy, along with foundational knowledge of product security topics.
• Practical experience or training in security considerations for public cloud deployments, including hands-on practice.
• Willingness to engage in implementation tasks alongside specification development.
• Knowledge of various security aspects related to software development and operations.
• Experience with PSL for individual products or solutions is advantageous.
• Familiarity with container technologies, particularly Kubernetes.
• Understanding of IP networking principles.
• Proficiency in at least one scripting language
   

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer
 
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.