NI Product Security Manager
NI Network Infrastructure
Athens, Greece, Greece
πριν από 2 μέρες

What you will learn and contribute to

NI is looking for an experienced cybersecurity professional to fill the role of Product Security Manager. In this role you will support various NI business functions, including Product R&D, Services, Customer Teams and Regional Business Centers (RBC’s) to drive enhancement and / or compliance to security & privacy requirements into different aspects of the NI business and evaluate the effectiveness of implemented security controls to mitigate, reduce, or eliminate risks related to Security & Privacy.

Knowledge on product security engineering and experience in security compliance assessment are prerequisites for this job.

Nokia DFSEC is based on both proactive and reactive security engineering. This includes understanding how to translate security controls sets into implementation requirements.

An understanding of software engineering and programming is a fundamental requirement for this role, because NI products, services and solutions are software based and product security begins with understanding design aspects that can introduce security risks.

Candidates should have knowledge and experience in conducting product security risk assessment, including use of threat and risk modelling and Privacy Impact Assessments using techniques and tools to successfully coaching teams to identify gaps, develop risk treatment plans or development roadmaps to address issues identified.

Experience in performing security vulnerability scanner-based product security assessments and analysis and remediation planning of findings is required.

Knowledge on the use of the DFSEC Compliance Tool and the Vulnerability Assessment and Management System tools are desired skills sets for this job.

This role will require knowledge of application security engineering and testing, secure software development practices and broad knowledge of application and network vulnerabilities, including how attacker types exploit them.

Configuring and running various types of security test tools (EG, Threat Modeler, SAST, DAST, Fuzz, Vulnerability, Security Hardening tool types), generating reports, communicating findings with development teams and negotiating remediation of issues are key components of the role.

You play a key role to promote Nokia standards and guidance for applying the Nokia DFSEC process, as well as collaborate with other Nokia security teams on continual improvement to these standards and guidance to build a stronger security culture across NI.

As a senior engineer you will help define and build NI security expertise, including NI specific security standards, guidelines and standard operating procedures and execute the targets of the security program across NI.

You will be a source of coaching and mentoring for security expertise within NI and Nokia.

Are you passionate about solving problems?

As part of our team, you will :

  • Act as a Subject Matter Expert (SME) on key software security engineering topics
  • To increase security awareness in the NI business units
  • Drive adoption of the Nokia CREATE and DFSEC processes across NI business units
  • Influence product roadmaps to include relevant security and privacy features
  • Working with software designers, developers, project managers, DevOps, and testers, to review, assist and recommend changes and solutions to address the security of web, cloud-based and mobile solutions
  • Conducting security assessments using industry-standard tools and techniques
  • Lead security reviews in NI Quality product development lifecycle milestone meetings
  • Analyzing and assisting in the secure testing of applications and network infrastructure
  • Reviewing and explaining vulnerability assessment and penetration test report findings to key stakeholders
  • Producing reports to demonstrate assessment coverage and remediation effectiveness, and working with the product engineers and software teams to ensure corrective actions are implemented
  • Supporting engineering teams securing software and platforms
  • Ensure that Nokia DFSEC and Security Vulnerability Monitoring (SVM) processes are being implemented
  • Continuous contribute to improving the NI security maturity, Nokia product security policies, processes, standards, requirements and guidelines
  • Provide support to incident response management teams
  • Coaching and mentoring NI security team member
  • Support NI Incident Response activities (Security & Privacy)
  • Be a key point of contact for Customer Security requests
  • Support the NI business in ISO 27001 Certification efforts through program coordination or site SPoC leadership.
  • Be a subject matter expert (SME) for Security & Privacy to all aspects of the NI business related to different global Legal & Regulatory compliance requirements (e.
  • g., GDPR, NIST, CCPA, ANSSI, CSL etc.)

    Your skills and experience

    You have :

  • Bachelors Degree in Computer Science or related degree
  • 5+ years of experience in product security compliance roles
  • Technical proficiency with secure product development skills
  • Experience applying security engineering in an agile development environment
  • Experience providing security assurance support to engineering and product management teams
  • Ability to analyze and solve complex
  • Software development background and proficiency in scripting languages
  • Demonstrated, good oral and written communication skills
  • Demonstrated ability to work and collaborate within globally distributed development teams
  • Ability to enhance team learning environment with coaching and mentoring
  • It would be nice if you also had :

  • Knowledge and experience with Nokia DFSEC Compliance Tool and Nokia Vulnerability Assessment and Management System tools
  • Knowledge of security requirements for cloud native and containerized products
  • Knowledge of securing web applications, mobile applications and network elements
  • Expertise in Microsoft Office Suite of team collaboration tools including Microsoft Outlook, Excel, Word, PowerPoint, SharePoint, Teams and OneNote
  • Experience with Atlassian JIRA and Confluence tools
  • Experience with left-shift of security testing into Continuous Integration / Continuous Deployment (CI / CD) environments
  • Experience conducting secure code reviews
  • Knowledge of the European General Data Protection Regulation (GDPR), China CyberSecurity Law (CSL) and other global legal / regulatory requirements around security & privacy would also be an asset.
  • Desired Industry Certifications :

    ISC)2 Certified Information Systems Security Professional (CISSP)

  • EC-Council, Certified Application Security Engineer (CASE)
  • What we offer

    Nokia offers flexible and hybrid working schemes, continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

    Nokia is committed to inclusion and is an equal opportunity employer

    Nokia has received the following recognitions for its commitment to inclusion & equality :

  • One of the World’s Most Ethical Companies by Ethisphere
  • Gender-Equality Index by Bloomberg
  • Workplace Pride Global Benchmark
  • LGBT+ equality & best place to work by HRC Foundation
  • At Nokia, we act inclusively and respect the uniqueness of people.

    Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.

    We are committed to a culture of inclusion built upon our core value of respect.

    Join us and be part of a company where you will feel included and empowered to succeed.

    Additional Information

  • Vaccination Requirements : FOR US ONLY : Nokia employees, wherever required by law or contractual obligation, must receive a COVID-19 vaccination or an otherwise approved accommodation based upon applicable law.
  • Αναφορά αυτής της εργασίας

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Το e-mail μου
    Πατώντας στο κουμπί «Συνέχεια », δίνω στο neuvoo τη συγκατάθεση μου να καταχωρήσει τα δεδομένα μου και να μου στέλνει ειδοποιήσεις μέσω email, όπως αναφέρεται λεπτομερώς στην πολιτική προστασίας προσωπικών δεδομένων του neuvoo. Μπορείτε ανά πάσα στιγμή να αποσύρετε τη συγκατάθεση σας ή να διαγραφθείτε οποιαδήποτε στιγμή.
    Φόρμα αίτησης