NI Product Security Manager - Fixed Networks

NI is looking for an experienced cybersecurity professional to fill the role of Product Security Manager to support release compliance assessments of Fixed Networks Products. In this role you will support various NI business functions, including Product R&D, Services, Customer Teams and Regional Business Centers (RBC’s) to drive enhancement and/or compliance to security & privacy requirements into different aspects of the NI business and evaluate the effectiveness of implemented security controls to mitigate, reduce, or eliminate risks related to Security & Privacy. 

Knowledge on product security engineering and experience in security compliance assessment are prerequisites for this job. Nokia DFSEC is based on both proactive and reactive security engineering. This includes understanding how to translate security controls sets into implementation requirements. An understanding of software engineering and programming is a fundamental requirement for this role, because NI products, services and solutions are software based and product security begins with understanding design aspects that can introduce security risks. Candidates should have knowledge and experience in conducting product security risk assessment, including use of threat and risk modelling and Privacy Impact Assessments using techniques and tools to successfully coaching teams to identify gaps, develop risk treatment plans or development roadmaps to address issues identified.

Experience in performing security vulnerability scanner-based product security assessments and analysis and remediation planning of findings is required. Knowledge on the use of the DFSEC Compliance Tool and the Vulnerability Assessment and Management System tools are desired skills sets for this job.

This role will require knowledge of application security engineering and testing, secure software development practices and broad knowledge of application and network vulnerabilities, including how attacker types exploit them. Configuring and running various types of security test tools (EG, Threat Modeler, SAST, DAST, Fuzz, Vulnerability, Security Hardening tool types), generating reports, communicating findings with development teams and negotiating remediation of issues are key components of the role. 

You play a key role to promote Nokia standards and guidance for applying the Nokia DFSEC process, as well as collaborate with other Nokia security teams on continual improvement to these standards and guidance to build a stronger security culture across NI.

As a senior engineer you will help define and build NI security expertise, including NI specific security standards, guidelines and standard operating procedures and execute the targets of the security program across NI. You will be a source of coaching and mentoring for security expertise within NI and Nokia.  Additionally the PSM will support the greater Nokia Pegasus Product Security Improvement program by representing and support NI interests in cross business security improvement initiatives.
 

• Act as a Subject Matter Expert (SME) on key software security engineering topics
• To increase security awareness in the NI business units
• Drive adoption of the Nokia CREATE and DFSEC processes across NI business units
• Influence product roadmaps to include relevant security and privacy features
• Working with software designers, developers, project managers, DevOps, and testers, to review, assist and recommend changes and solutions to address the security of web, cloud-based and mobile solutions
• Conducting security assessments using industry-standard tools and techniques 
• Lead security reviews in NI Quality product development lifecycle milestone meetings
• Analyzing and assisting in the secure testing of applications and network infrastructure
• Reviewing and explaining vulnerability assessment and penetration test report findings to key stakeholders
• Producing reports to demonstrate assessment coverage and remediation effectiveness, and working with the product engineers and software teams to ensure corrective actions are implemented
• Supporting engineering teams securing software and platforms
• Ensure that Nokia DFSEC and Security Vulnerability Monitoring (SVM) processes are being implemented
• Continuous contribute to improving the NI security maturity, Nokia product security policies, processes, standards, requirements and guidelines
• Provide support to incident response management teams
• Coaching and mentoring NI security team member
• Support NI Incident Response activities (Security & Privacy)
• Be a key point of contact for Customer Security requests
• Support the NI business in ISO 27001 Certification efforts through program coordination or site SPoC leadership.
• Be a subject matter expert (SME) for Security & Privacy to all aspects of the NI business related to different global Legal & Regulatory compliance requirements (e.g., GDPR, NIST, CCPA, ANSSI, CSL etc.) 

  You have:

• Bachelors Degree in Computer Science or related degree
• 5+ years of experience in product security compliance roles
• Technical proficiency with secure product development skills
• Experience applying security engineering in an agile development environment 
• Experience providing security assurance support to engineering and product management teams
• Ability to analyze and solve complex 
• Software development background and proficiency in scripting languages
• Demonstrated, good oral and written communication skills
• Demonstrated ability to work and collaborate within globally distributed development teams
• Ability to enhance team learning environment with coaching and mentoring

It would be nice if you also had:

• Knowledge and experience with Nokia DFSEC Compliance Tool and Nokia Vulnerability Assessment and Management System tools
• Knowledge of security requirements for cloud native and containerized products
• Knowledge of securing web applications, mobile applications and network elements
• Expertise in Microsoft Office Suite of team collaboration tools including Microsoft Outlook, Excel, Word, PowerPoint, SharePoint, Teams and OneNote
• Experience with Atlassian JIRA and Confluence tools
• Experience with left-shift of security testing into Continuous Integration/Continuous Deployment (CI/CD) environments
• Experience conducting secure code reviews
• Knowledge of the European General Data Protection Regulation (GDPR), China CyberSecurity Law (CSL) and other global legal/regulatory requirements around security & privacy would also be an asset.

 Desired Industry Certifications: 

• (ISC)2 Certified Information Systems Security Professional (CISSP)
• EC-Council, Certified Application Security Engineer (CASE) 

 

Benefits

• We provide a comprehensive private life and medical insurance plan to safeguard your well-being and that of your family.
• As part of our commitment to your health, we offer an annual medical check-up program.
• We offer a pension plan to help you plan for your future and ensure financial security after retirement.
• Enjoy the convenience of a ticket restaurant e-card, which can be used at various restaurants and eateries according to our policy (currently at €120 monthly)
• You will be provided with a company mobile device and subscription to stay connected and efficient in your work.
• We offer company bus transportation to facilitate your daily commute to and from work.
• Benefit from flexible working hours and the option to work in a hybrid or remote mode, providing a better work-life balance.
• Receive a one-time payment of €350 as cash support for hybrid or remote mode arrangements.
• Take advantage of our Personal Support Service, which provides confidential and professional support and guidance on a range of emotional, practical, and work-life topics.
• Participate in Nokia's voluntary employee share purchase plan, allowing you to share in the company's success.
• Our Employee Recognition program, "Everyday Excellence," acknowledges and rewards outstanding contributions. You can redeem awards through our online store.
• Earn a generous referral bonus of €2.000, one of the highest in the market, for referring qualified candidates to join our team.
• Enjoy 90 calendar days of paid leave for the arrival of a new child.
• Engage in social clubs and cultural activities organized by the company to foster a sense of community and well-being.
• E-Learning Platforms: Access renowned e-learning platforms such as NokiaEDU, Harvard ManageMentor, and LinkedIn Learning for technical training and personal development.

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer
 
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.