Product Security Lead

This role required to define and implement security strategies, policies, and standards for software products, Lead the integration of security best practices into the software development lifecycle, conduct security threat assessments, identify vulnerabilities, and develop mitigation strategies, manage vulnerability detection, tracking, and resolution across product lines, collaborate with development teams to ensure timely remediation of security issues, ensure product security aligns with industry standards such as OWASP, ISO 27001, and NIST, maintain awareness of evolving security threats and proactively improve security defenses, conduct security training sessions for developers, testers, and product teams, foster a security-first culture across engineering teams.

• Handle security and privacy aspects of CSCF product.
• Able to understand telecom security topics and do impact analysis on products / feature areas.
• Interface with Customer teams, Product management and connect well internally with feature teams
• Contribute to R&D improvements from product security point of view.
• Handle/manage SOC, Threat & Risk analysis for a product, conduct security threat assessments, identify vulnerabilities, and develop mitigation strategies.
• Perform risk assessments on existing and new software products.
• Guide development teams in implementing secure coding practices, secure design principles, and code review processes.
• Develop tools and frameworks to automate security testing in CI/CD pipelines.

You have:

• 9+ years of experience in software development or testing within Telecommunications Networks, with expertise in cloud-native design and development.
• Hands on experience with any vulnerability management tool (Ex, VAMS)
• Involved with Security tests (Black duck hub, Tenable, Codenomicon, Malware, NMAP, NetSparker, DOS/DDOS attack, etc) and report analysis.
• Design for Security and privacy kept in mind. Ensure that Design for Security & Privacy methodology
• Working knowledge on secure protocols (TLS/DTLS/SSH ), Encryption methodology, Ciphers etc.

It would be nice if you also had:

• Knowledge on cloud, containerization and related security aspects
• Knowledge about the security architecture of the product.
• Any Certification on Security Management is an added advantage
• Exposure to SAFe agile methodologies will be a plus.

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work

What we offer
 
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World’s Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark

At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.