Security Operations Specialist

India

Nokia

As a technology leader across mobile, fixed and cloud networks, our solutions enable a more productive, sustainable and inclusive world.


The Security Operations Specialist has end-to-end responsibility for the physical and logical security of the Network/Services, OSS/SQM and Infrastructure in accordance with the security policy, and technically manages and operates components of the security services provided to end users of Nokia customers, within the service levels agreed with those customers.

Core Responsibilities…

Incident Handling and Escalation:

  • Investigate and analyze escalated security alerts from SOC Level 1 (L1) analysts.
  • Take ownership of incidents requiring detailed analysis and advanced response.
  • Escalate incidents to SOC Level 3 (L3) or specialized teams if necessary.

Threat Analysis:

  • Perform in-depth analysis of suspicious activities, malware, and potential security incidents.
  • Use tools like SIEM, EDR, and threat intelligence platforms to assess the scope and impact of incidents.
  • Identify root causes and recommend appropriate mitigation measures.

Proactive Threat Hunting:

  • Conduct proactive hunting for threats and anomalies in the network and systems.
  • Leverage frameworks like MITRE ATT&CK to identify gaps and potential attack vectors.

SIEM Management and Optimization:

  • Fine-tune SIEM rules and correlation engines to reduce false positives and improve alert quality.
  • Develop custom queries and dashboards to enhance monitoring and reporting capabilities.

Response Coordination:

  • Execute containment, eradication, and recovery procedures during incidents.
  • Work closely with IT and other stakeholders to ensure proper resolution and prevention of future incidents.

Log Analysis:

  • Analyze logs from various sources (e.g., firewalls, servers, endpoints, applications).
  • Correlate log data to detect patterns indicative of security events.

Operational Responsibilities…

Documentation and Reporting:

  • Prepare detailed incident reports, root cause analysis (RCA) documentation, and post-incident reviews.
  • Maintain accurate records of investigations and actions taken.

Collaboration and Communication:

  • Liaise with SOC L1 analysts to ensure proper alert triage and escalation.
  • Communicate findings and recommendations to management and other teams clearly and concisely.

Threat Intelligence Integration:

  • Incorporate threat intelligence feeds into monitoring and response processes.
  • Stay updated on the latest threats, vulnerabilities, and exploits.

Tool Utilization and Development:

  • Use cybersecurity tools effectively for detection, analysis, and response.
  • Assist in the implementation and testing of new tools and technologies.

Training and Mentorship…

Guiding SOC L1 Analysts:

  • Provide guidance and support to L1 analysts for escalations and skill development.
  • Conduct knowledge-sharing sessions or workshops on advanced security topics.

Continuous Learning:

  • Participate in training programs and certifications to stay updated on cybersecurity best practices and tools.
  • Share new learnings with the team to enhance collective expertise.

Compliance and Risk Management…

Policy Adherence:

  • Ensure that incident handling aligns with organizational policies, regulatory requirements, and industry standards.
  • Contribute to the development of incident response playbooks and runbooks.

Security Assessments:

  • Assist in vulnerability assessments and penetration testing efforts.
  • Evaluate the effectiveness of implemented security controls and provide improvement recommendations.

KPIs and Success Metrics…

  • Incident Response Time: Reduce time to detect (TTD) and time to respond (TTR) for incidents.
  • Alert Accuracy: Improve the accuracy of alerts through SIEM tuning and threat hunting.
  • Documentation Quality: Maintain high standards in incident reports and knowledge base updates.
  • Collaboration Effectiveness: Ensure smooth handoffs and communications between SOC tiers.

Knowledge & Experience…

  • Typically 4+ years of experience in a cybersecurity role, preferably in a SOC or similar operational environment.
  • Familiarity with common attack vectors, TTPs (tactics, techniques, and procedures), and defensive measures.

Technical Skills…

Incident Analysis & Response:

  • Strong ability to investigate, analyze, and respond to security incidents.
  • Experience with Incident Response processes (e.g., triaging alerts, containment, eradication, and recovery).

SIEM Expertise:

  • Proficiency in using SIEM (Security Information and Event Management) tools such as Splunk.
  • Ability to create and tune alerts, analyze logs, and write custom queries.

Network Security:

  • Understanding of network protocols (TCP/IP, DNS, HTTP/S, etc.).
  • Familiarity with firewall, IDS/IPS systems, and network traffic analysis tools like Wireshark.

Endpoint Security:

  • Knowledge of Endpoint Detection and Response (EDR) tools like CrowdStrike, SentinelOne, or Carbon Black.

Threat Intelligence:

  • Familiarity with threat intelligence feeds, frameworks like MITRE ATT&CK, and indicators of compromise (IOCs).

Malware Analysis Basics:

  • Ability to conduct basic static and dynamic malware analysis to identify malicious activity.

Vulnerability Management:

  • Understanding of vulnerability scanning tools like Nessus, Qualys, or OpenVAS.

Scripting & Automation:

  • Basic scripting skills (e.g., Python, PowerShell, or Bash) to automate repetitive tasks.

Soft Skills…

Analytical Thinking:

  • Ability to analyze complex datasets and identify patterns or anomalies.

Problem-Solving:

  • Quick decision-making skills during incident handling and critical thinking under pressure.

Communication:

  • Clear reporting and documentation skills for incident reports and executive summaries.
  • Ability to communicate technical findings to non-technical stakeholders.

Team Collaboration:

  • Work effectively with other SOC team members, IT departments, and external teams.

Certifications…

While not mandatory, the following certifications are often preferred:

  • CompTIA Security+
  • Certified SOC Analyst (CSA)
  • Certified Ethical Hacker (CEH)
  • Splunk Certified User/Power User or similar SIEM-specific certifications.

Tools Proficiency…

  • SOC Tools: SIEM, EDR, IDS/IPS, SOAR (Security Orchestration, Automation, and Response).
  • Threat Intelligence Platforms: ThreatConnect, Recorded Future.
  • Ticketing Systems: ServiceNow, JIRA, BMC Remedy.

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work.

What we offer

Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

  • One of the World’s Most Ethical Companies by Ethisphere
  • Gender-Equality Index by Bloomberg
  • Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.