As part of the Product Security team, your responsibilities will include:
- Create and maintain Security and Privacy Specifications, Security High-Level Design, Threat and Risk Analysis and Hardening Specification Document for the product as required by Nokia's design for security (DFSEC) process.
- Assess emerging security vulnerabilities following the Security Vulnerability Management (SVM) process, provide applicable workarounds and determine need for security vulnerability fixes. Work closely with development teams and customers to analyse vulnerabilities and/or suggest remediations.
- Perform security tests for endpoint, server, network, and infrastructure security including penetration tests. Develop automation tools for security tests and hardening.
- Work together with product management to provide impact analysis for the Security requirements at the Organization level.
- Work on initiatives to design, develop, and implement security solutions to meet business and compliance requirements.
- Influence product roadmaps to include relevant security and privacy features.
- Expert technical contribution to the design and automation of security infrastructures that support the overarching security policies of the customer.
Your Skills and Experience:
- An analytical mind for problem-solving, abstract thought, and defensive security tactics.
- Technical knowledge and analysis of information assurance, to include applications, operating systems, physical security, networks, risk assessment, critical infrastructure continuity and contingency planning, emergency preparedness, security awareness and training.
- Good understanding of security tools for endpoint, server, network, and infrastructure security like Burp Suite, Anchore, Codenomicon, SonarQube, Nessus, Tenable, NMAP, Invicti, Defensics, Symantec etc.
- Good understanding of Privacy principles, GDPR and best practices on securing the deployment of product.
- Good understanding of the open source libraries/APIs chosen for the product.
- Experience with Java, Shell Script, Python, Jenkins and Open Source Integration.
- Working experience with Cloud Native, Microservices, Containers and Virtualization Technologies like Docker, Kubernetes (K8s) and Helm is good to have.
- Knowledge in Agile development process & DevOps practices.
- Strong written, oral communication and interpersonal/team skills.
- Security certifications like CISSP, CCSP will be an added advantage.
