Product Security Lead

Family Description

Applied R&D (AR) consists of target-oriented research either with the goal of solving a particular problem / answering a specific question or for multi-discipline design, development, and implementation of hardware, software, and systems including maintenance support. Supplies techno-economic consulting to clients. AR work is characterised by its detailed and complex nature in order to systematically combine existing knowledge and practices to further developing and incrementally improving products, operational processes, and customer-specific feature development.

Subfamily Description

Software (SWA) comprises the definition, specification, and allocation of requirements from different sources utilising knowledge of systems engineering processes (specification & architecture). Contains processing of use case and feature requirements into conceptual models, operational scenarios, technical requirements, and functional description. Covers specification, design, implementation, and unit testing of Software (e.g. device drivers, microcode, hardware-related software & firmware) according to the requirements and architecture defined in the systems engineering process. Covers establishment and maintenance of Software Configuration Management (SCM) practices into software development projects, continuously building and integrating infrastructure tools and systems.

• Interprets internal and external business challenges and recommends best practices to improve products, processes and services.

• Has in-depth organisational and relevant market knowledge and uses understanding on how relevant areas can be integrated to achieve objectives.

• Contributes to strategic decisions within professional area.

• Solves complex problems based on sophisticated analytical thought and complex judgment.

• Contributes to development of concepts to determine professional direction of own organisational unit.

• Acts as a professional leader for staff / workteam / taskforces, often the most senior specialist in a team, who serves as best practice resource within own organisational unit and / or is recognised as an expert within the same professional area in the business.

• Often leads functional teams or projects with moderate resource requirements, risk and complexity, handles day-to-day staff management issues, including resource management and allocation of work.

• Analyses, designs, develops and tests products / services / improvements / bug resolutions for integrated hardware / software systems as per customers' requirements. 

• Manages Subcontracting / Partnership Manager.

• Manages technical requirements from customers’ needs. 

• Delivers SW / HW build-controlled productions releases (EG main and update releases, service packages, maintenance updates, and customer design engineering). 

• Manages product hardware / software evolutions through the creation and release of hardware / software documentation, hardware / software change control management, supplier and customer notifications.

• Retains technical and design knowledge for assigned products and technologies.

• Applies and maintains quality standards. Participates in process and tools evolutions and improvements. 

• Applies the SW Care process (especially emergency case handling) contributing when needed to the fastest problem restoration.

 

Qualifications:

Experience with Cloud Native, Microservices, Containers and Virtualization Technologies like Docker, Kubernetes (K8s), Helm, Ansible, Envoy/Istio, Consul and Open Source Integration

Expert in Design and Development using Cloud Native Principles with Analytical and debugging skills.

Expert  with Cloud Native, Microservices, Containers, and Virtualization Technologies.

Exposure to Agile development methodologies.

Experience with Vulnerability assessment, management and CVE analysis along with impact analysis. 

Involved with Security tests ( Black duck hub, Tenable, Codenomicon, Malware, NMAP, NetSparker, DOS attack, etc) and report analysis.

Design for Security and privacy kept in mind. Ensure that Design for Security & Privacy methodology

Working knowledge on secure protocols ( TLS/DTLS/SSH ), Encryption methodology, Ciphers etc..

Experience on handling/managing SOC, Threat & Risk analysis for a product

Knowledge on RFI/RFQ/RFP tendering process

Experience in Security hardening and Secure DevOps

Any Certification on Security Management is an added advantage

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer
 
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.