Threat Hunting Security Professional
Portugal
Nokia
As a technology leader across mobile, fixed and cloud networks, our solutions enable a more productive, sustainable and inclusive world. Join us in creating the technology that helps the world act together.
We are a B2B technology innovation leader pioneering the future where networks meet cloud. At Nokia you will have a positive impact on people’s lives and help build the capabilities needed for a more productive, sustainable, and accessible world.
Be part of a culture built on an inclusive way of working where we are open to your ideas, you are empowered to take risks and are encouraged to be fearless in bringing your authentic self to work.
The team you'll be part of
Strategy and Technology lays the path for Nokia’s future technology innovation and identifies the most promising areas for Nokia to create new value. We set the company’s strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia.
Part of Strategy & Technology, Group Security (GS) is Nokia’s central knowledge center responsible for Nokia’s cyber security policies and standards, the cyber security architecture and roadmap, and the monitoring and alerting of security incidents.
We partner with the Nokia Business Groups and Central Functions on product security, customer security, and interact with governments on security regulations.
Together we take care of Nokia’s security culture, processes, systems, products and services to position Nokia as a trusted partner for the 5G era and beyond.
The Cyber Security Defense Center (CDC) is looking for a Threat Intelligence and Threat Hunting Security Professional taking up responsibilities in the CDC Engineering and Threat Hunting Team.
What you will learn and contribute to
Nokia’s CDC has established a ‘Threat Intelligence & Threat Hunting Capability’. It consists of three main activities: ‘Threat Intelligence’, ‘Threat Modeling’ and ‘Threat Hunting’.
The focus of ‘Threat Intelligence’ is on gathering information on threats that may affect Nokia if they were to be executed. A timely understanding of these threats allows us to validate whether the existing security measures are effective, need to be updated, or still need to be introduced. To make this happen, the gathered intelligence needs to be evaluated and relative priorities established, as it is neither feasible nor sustainable to focus on every reported threat. The prioritization of threats and the translation of the information into threat models is taken care of by ‘Threat Modeling’.
Finally, to validate whether additional security measures need to be taken, it is up to the ‘Threat Hunting’ team to perform the necessary validations (standalone or in collaboration with other parties such as the Computer Emergency Response Team, CERT) and to provide insights on the observations made.
In the remainder of this document, the profile we’re looking for will be referenced as ‘TI & TH-professional’.
The TI & TH-professional is capable of addressing the challenges regarding the management of Threat Intelligence information (aka TI info): establishing an effective lifecycle for that information and incrementally improving the value add of the available threat intel through the (auto-)enrichment of security event data. The activities in scope of the TI activities include (non-exhaustive view):
- Identification of relevant TI-feeds in support of stakeholders’ needs
- Support (auto-)enrichment of event information through the ingestion of TI information in our TI platform (MISP)
- Support the establishment of an effective TI reporting mechanism
- Look for options to improve the ‘value add’ of the available intel
Information available through the TI-capability pillars ‘Threat Intelligence’ & ‘Threat Modeling’ is used to identify the potential threats and prioritize these for evaluation through a dedicated hunt. To streamline the activities in support of defined hunts, the hunt team takes a process-based approach, leveraging the PEAK model (Prepare, Execute, Act with Knowledge).
Focus of ‘Threat Hunting’ is on investigating a defined threat hypothesis and hunt for information that will (dis)prove the hypothesis. The outcome of the hunt is used to inform the relevant team stakeholders and to propose improvements to existing detection rules or define new ones.
The ‘TI & TH-professional’ will actively support the execution of defined hunts and diligently carry out the full lifecycle, from hypothesis definition up to documenting findings and sharing the insights with stakeholders. The activities in scope include (non-exhaustive view):
- Digest the information made available through the TI- and TM-activities
- Propose topics for new hunts, considering the priorities associated with specific TTPs
- Prepare the execution of hunts, including a validation of whether the prerequisites to successfully execute a hunt (e.g., the required log sources and data retention) are met
- Execute the hunt, in line with the agreed restrictions (i.e., time, scope, effort)
- Consolidate findings and involve relevant stakeholders to discuss them; in the event security gaps are found, ensure that the right steps are taken to get these gaps (eventually) resolved
- Upon concluding the hunt, document findings and, when relevant, suggest improvements for future hunts
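The two technical threads in the sections above, enriching security events with the intel held in MISP and turning a confirmed hunt hypothesis into a detection rule candidate, can be shown end to end in a few dozen lines. The script below is an added example written for this page and is not Nokia’s code or a MISP client; it assumes nothing about the real CDC tooling. The indicators, MISP attributes and events are constructed for the example (documentation address ranges and `.example` domains, not real IOCs), the MISP galaxy tag format used is the public `misp-galaxy:mitre-attack-pattern="<name> - T<id>"` convention, and the output rule follows the Sigma layout so that it can be handed to whoever maintains the SIEM rules for review.

```python
"""Added example: enrich events with MISP-style indicators, run a hunt hypothesis,
and derive a Sigma-style detection candidate from the confirmed hits."""
import re
from collections import defaultdict

# Constructed MISP-style attributes (not real indicators). Each carries the
# MISP event it came from and any ATT&CK galaxy tags attached to it.
TI_ATTRIBUTES = [
    {"event_id": 1001, "type": "ip-dst", "value": "203.0.113.45",
     "tags": ['misp-galaxy:mitre-attack-pattern="Application Layer Protocol - T1071"']},
    {"event_id": 1001, "type": "domain", "value": "update-check.example",
     "tags": ['misp-galaxy:mitre-attack-pattern="Application Layer Protocol - T1071"']},
    {"event_id": 1002, "type": "sha256", "value": "a" * 64,
     "tags": ['misp-galaxy:mitre-attack-pattern="Ingress Tool Transfer - T1105"']},
    {"event_id": 1003, "type": "ip-dst", "value": "198.51.100.7",
     "tags": []},  # indicator with no ATT&CK mapping: enriched, but not huntable by technique
]

# Constructed security events: two from one workstation, a benign intranet
# lookup, and a database server touching an unmapped indicator.
EVENTS = [
    {"id": "e1", "host": "ws-042", "dst_ip": "203.0.113.45", "domain": "update-check.example"},
    {"id": "e2", "host": "ws-042", "sha256": "A" * 64},
    {"id": "e3", "host": "ws-017", "dst_ip": "192.0.2.10", "domain": "intranet.example"},
    {"id": "e4", "host": "srv-db1", "dst_ip": "198.51.100.7"},
]

# Which event fields each MISP attribute type is compared against (assumed field names).
FIELD_MAP = {"ip-dst": ("dst_ip",), "domain": ("domain",), "sha256": ("sha256",)}
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")


def build_index(attributes):
    """Index attributes by (type, lowercased value) so each event field is one lookup."""
    return {(a["type"], a["value"].lower()): a for a in attributes}


def techniques_of(attr):
    """Pull ATT&CK technique IDs out of the MISP galaxy tags on an attribute."""
    return sorted({m.group(0) for tag in attr["tags"] for m in TECHNIQUE_RE.finditer(tag)})


def enrich(event, index):
    """Return a copy of the event with a 'ti' list describing every indicator hit."""
    hits = []
    for attr_type, fields in FIELD_MAP.items():
        for field in fields:
            value = event.get(field)
            if value is None:
                continue
            attr = index.get((attr_type, str(value).lower()))  # case-insensitive match
            if attr is not None:
                hits.append({"field": field, "value": str(value).lower(),
                             "misp_event": attr["event_id"],
                             "techniques": techniques_of(attr)})
    return {**event, "ti": hits}


def hunt(events, index, technique):
    """Hypothesis: some host has contacted infrastructure mapped to `technique`.
    Returns {host: [matched indicator values]} so an empty dict disproves it."""
    hosts = defaultdict(set)
    for ev in (enrich(e, index) for e in events):
        for hit in ev["ti"]:
            if technique in hit["techniques"]:
                hosts[ev["host"]].add(hit["value"])
    return {h: sorted(v) for h, v in hosts.items()}


def propose_sigma_rule(technique, index):
    """Turn a confirmed hunt into a Sigma-style rule candidate (a dict for review,
    not a deployed rule): every indicator mapped to the technique becomes a selection."""
    selection = defaultdict(list)
    for (attr_type, value), attr in index.items():
        if technique in techniques_of(attr):
            for field in FIELD_MAP[attr_type]:
                selection[field].append(value)
    return {
        "title": f"Hunt-derived indicators for {technique}",
        "status": "experimental",
        "tags": [f"attack.{technique.lower()}"],
        "detection": {"selection": dict(selection), "condition": "selection"},
    }


if __name__ == "__main__":
    idx = build_index(TI_ATTRIBUTES)
    print(hunt(EVENTS, idx, "T1071"))
    print(propose_sigma_rule("T1071", idx))
```

The split into `enrich`, `hunt` and `propose_sigma_rule` mirrors the lifecycle in the list above: enrichment is cheap and runs on every event, the hunt is the narrow question asked of the enriched data, and the rule proposal is the handover to detection engineering. Note that the unmapped indicator on `srv-db1` still shows up in enrichment but never in a technique-driven hunt; that is the kind of gap in the intel itself that a hunt report should flag back to the TI and TM activities.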
Gradually, the focus will shift towards including the outcome of the ‘Threat Modelling’ activities, as an effective ‘Threat Hunting’ capability heavily depends on having access to relevant and well-maintained threat models.
To realize this, the ‘TI & TH-professional’ will have to work with both external parties (e.g., IT support) and internal parties (e.g., CDC Operations, CERT), so the ability to connect and engage with other parties is key. A ‘continuous improvement’ mindset is essential, as the insights resulting from a hunt can be overwhelming: what is found to be ineffective today will still be ineffective tomorrow unless someone acts on it. Also, not every hunt will result in an actionable finding; a hunt that disproves its hypothesis is still a valid outcome, and the ‘TI & TH-professional’ is expected to give this the proper perspective. The ‘TI & TH-professional’ will be able to count on the services of multiple teams when executing threat hunts; it will be key to involve the right teams at the right time.
Your skills and experience
In the overview below, a series of requirements and expectations are listed. Not every item is a must-have; where a particular expectation cannot be met, the applicant is expected to be aspiring to (eventually) fulfill it.
- BSc or MSc (preferred) degree in computer science or related technical field
- 5+ years of experience in cyber security (or equivalent through education and/or personal interest)
- Practical, hands-on experience in ‘Threat Intelligence’ in the context of ‘Information Security’ is a plus; if not present at the time of applying for this position, commit to working towards mastering the topic in the short to mid term
- Having experience as an analyst in a SOC is considered a plus
- Having a security certification is considered a plus (e.g., CEH, CHFI); if not in place at the time of applying for this position, be willing to obtain a certification in due time
- Understand the activities in support of Threat Hunting and be able to demonstrate them
- Terminology such as CIA (confidentiality, integrity, availability), SIEM, SOC, TTPs and MITRE ATT&CK is no secret to you, and you’re able to demonstrate an active understanding of it
- Be familiar with the approach taken to define SIEM detection rules and, when relevant, be able to translate hunt findings into improvements to existing detection rules or propose new rules
- Be able to work in a standalone way with a minimum of guidance and oversight; where assignments are not clear, the applicant is expected to make this known to peers or the team lead and drive it towards a resolution
- Knowledge of scripting and programming languages is a plus (e.g., Python, PowerShell)
- Show eagerness in getting to ‘the bottom’ of a given hunt
- Be fluent in English (oral and written)
Come create the technology that helps the world act together
What we offer
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.
Nokia is committed to inclusion and is an equal opportunity employer
Nokia has received the following recognitions for its commitment to inclusion & equality:
- One of the World’s Most Ethical Companies by Ethisphere
- Gender-Equality Index by Bloomberg
- Workplace Pride Global Benchmark
At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.
Join us and be part of a company where you will feel included and empowered to succeed.