Job Description

Come create the technology that helps the world act together

Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people's lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.

We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work.

The team you'll be part of

Strategy and Technology lays the path for Nokia's future technology innovation and identifies the most promising areas for Nokia to create new value. We set the company's strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia.

Part of Strategy & Technology, Group Security is Nokia's central knowledge center responsible for Nokia's cyber security policies and standards, the cyber security architecture and roadmap, and the monitoring, alerting of security incidents. We partner with the Nokia Business Groups and Central Functions on product security, customer security, and interact with governments on security regulations. Together we take care of Nokia's security culture, processes, systems, products and services to position Nokia as a trusted partner for the 5G era and beyond.

What you will learn and contribute to

In today's digital world, many corporate organizations have become dependent on thousands of systems that conduct multiple business critical functions (sales reporting, financial reporting, supply chain, manufacturing, managed service operations, etc...). The protection of those systems and their operational environments is paramount to the success of any organization.

The selection & implementation of security & privacy controls on business critical assets within Nokia is an important task, which can have implications on the operations and assets of Nokia. Understanding the overall effectiveness of those security & privacy controls is essential in determining the risk to the organization's operations and assets resulting from the use of the system.

If you are passionate about assessing and testing the effectiveness of security & privacy controls as well as keen to understand the exploitability of system vulnerabilities? Then, this is your opportunity to become part of Nokia Group Security.

As part of Nokia Group Security, you will become part of the Security Architecture & Solutions (SAS) team, wherein you will join the Security Assessment & Testing Team.

In your role as Security Assessment & Testing Specialist, you will:

• Create & maintain the inventory & pipeline of candidate Nokia systems to perform security assessments & testing programs.
• Gather, create & maintain relevant threat intelligence of potential security control weaknesses and security vulnerabilities across Nokia's corporate system infrastructure. This effort will be performed in close collaboration with other Group Security Teams.
• Define security assessment & testing strategy for the target system taking into account the system specifications, the system mechanisms, the system activities, the system user groups (system admin, system users,...) as well as the available threat intelligence data.
• Execute the security assessment strategy to verify & validate if relevant security & privacy controls are implemented on targeted system(s) & their operational environment. You will also assess their maturity and effectiveness in meeting Nokia's security goals & objectives.
• Model threats to determine the exploitability & the criticality of various security vulnerabilities on the target system(s)
• Execute the security testing strategy by building and executing payloads to validate & confirm these identified security vulnerabilities
• List all identified security control gaps and security vulnerabilities for each target system(s) and document those in "security assessment & testing" reports.
• Advise and collaborate with all relevant Group Security Teams & other key stakeholders (IT, business teams) to provide conclusive strategies on how to best mitigate all identified security control gaps and security vulnerabilities for each target system(s).
• Be a key contributor to provide relevant assessment and testing outputs to red and purple teams to support their continuous improvement actions of response processes and architectural capabilities
• Provide security expertise based on your strong technology insight and knowledge about relevant information security threats

Your skills and experience

You have:

• Deep understanding of a corporate IT operational environments
• Strong expertise in network & application security, IAM & privacy controls, networking concepts and architectural implementations
• Diverse operational security experience with security platforms, such as: firewalls, IPS, Vulnerability Management, endpoint security, SIEM solutions, ...
• Strong expertise in Windows & Linux operating systems (user, privileged/Administrator/Root)
• The ability to effectively use command-line tools to achieve functions throughout the MITRE ATT@CK lifecycle (Windows and Linux)
• Demonstrated & proven ability to define comprehensive security assessment & testing strategies
• Demonstrated & proven ability to review & validate test results
• Demonstrated & proven ability to propose, design & implement IT and security solutions remediating the detected findings & vulnerabilities in close collaboration with other SAS teams (security analysts, security specialists and security architects)
• Familiarity with zero trust principles, API security, and associated attack vectors
• The ability to conduct technical security assessments, advise & pursue stakeholders on remediation strategies & action plans
• Vulnerability management lifecycle skills including identification, validation, rating, and remediation of identified weaknesses
• Experience in the operational use of multi-cloud security assessment, vulnerability, and testing solutions in Azure, GCP and/or AWS
• Strong presentation skills and the ability to convey technical security concepts to non-technical audiences

Following skills are considered as a plus:

• Experience in the design, implementation, and administration of multi-cloud security testing environments, in particular in Azure, GCP, and/or AWS
• Ability to secure applications throughout the Software Development Lifecycle (SDLC) using SAST, DAST, and/or IAST tools
• Capable of modeling threats across standard frameworks (MITRE, STRIDE, Kill-Chain,...)
• Demonstrated penetration testing experience
• Experience participating in red, blue, and purple team attack/defense engagements as a key contributor
• Proven ability to assemble and execute offensive security payloads using diverse testing toolsets
• Good scripting knowledge (such as Java, C, python, PowerShell, Ansible)
• Being familiar with NIST standards, such as: NIST Cyber Security Framework and NIST SP 800-53A related to assessing security & privacy controls

Relevant security certifications, such as: CISSP, CISM, CEH, GPEN, OSCP,...

You are:

• Passionate about technology and information security
• Strong and creative problem-solving abilities
• Highly self-motivated and self-directed
• Comfortable in fast-paced, ever-changing environments with ability to successfully translate diverse and complex ambiguities into actionable plans
• A team player - even when working in a virtual team

What we offer

Nokia offers flexible and hybrid working schemes, continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.

Nokia is committed to inclusion and is an equal opportunity employer

Nokia has received the following recognitions for its commitment to inclusion & equality:

• One of the World's Most Ethical Companies by Ethisphere
• Gender-Equality Index by Bloomberg
• Workplace Pride Global Benchmark
• LGBT+ equality & best place to work by HRC Foundation

At Nokia, we act inclusively and respect the uniqueness of people.

Nokia's employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.

Join us and be part of a company where you will feel included and empowered to succeed.

Additional Information