Customer Security Manager

Descrição: Job Position Summary Description:

An experienced cybersecurity professional to fill the role of Security Assurance Specialist. In this role you will support Nokia Cloud & Networking Services (CNS) teams in their efforts to create secure software by collaborating with them and key stakeholders by applying your security expertise to prevent introduction of security vulnerabilities, performing security testing to identify defects and other vulnerabilities, analyzing security test results and making recommendations for remediating solutions. Nokia customer teams will request your support in resolving and timely responding to customer security related cases.

The CNS Security Team will expect you to contribute to the annual program planning and road mapping. As security certification requirements emerge, you will be expected to support CNS stakeholders on planning for and carrying out security certification activities, which can include hands-on or automated testing, results analysis and remediation.

As CNS encounters security events that require incident response management, you may become a contributing member of the CNS incident response team. Other Nokia business group security teams and stakeholders will expect you to network with them and provide coaching and mentoring, as well as collaboration to build the security culture and maturity within Nokia. Your experience will be needed with assuring the Nokia security vulnerability management (SVM) process is followed by CNS teams. You will collaborate with key teams in the use of SVM tools to resolve related issues and meet their SVM key performance indicators (KPIs). Former experience in Telco industry (as CSP or vendor collaborator) is required, to understand the specificities of the business and the implications of security in the CSPs. A background in software development is strongly desired to allow you to collaborate and lead efforts to turn security test cases into code (Everything as Code – EAC) and introduce innovative ways to automate security testing across the product development lifecycle (PDLC). This role will require knowledge of security testing, secure software development practices and broad knowledge of application and network security vulnerabilities and how to identify and mitigate them. Configuring, running various testing tools, generating reports, communicating with development teams and negotiating remediation of issues are key components of the role. You will help to promote and apply Nokia standards and guidance for Design for Security (DFSEC) process, tools and collaborate with Nokia Group Product Security team on continual improvement to these standards and guidelines. As an experienced engineer you will help define and build CNS security expertise, including CNS specific security standards,guidelines and standard operating procedures and execute the targets of the security program across CNS.

You will be a source of coaching and mentoring for security expertise within CNS and Nokia. Tasks

• Support customer teams managing customer security cases by leveraging security assurance expertise and CNS engineering stakeholders, leading to timely case resolution
• Work with CNS architects, engineers, project managers and program managers to review, analyze, identify security issues and agree on recommended remedies
• Conduct and participate in security threat and risk assessments
• Mediate the communication between customer, customer teams and internal Nokia organizations in order to achieve a common understanding about the subjects and their relative priorities
• Assist to create a knowledge base of common security issues to leverage previous cases to accelerate resolution of reported incidents
• Install, configure and operate security test tools, as well as analyze and recommend remediations to identified security test findings
• Produce summary test reports with scheduled remediations from outputs of security test tools
• Collaborate with CNS DevOps teams to create roadmaps evolving into a DevSecOps
• Organize and facilitate continuous security testing virtual team meetings with CNS stakeholders
• Contribute to annual CNS Security Program planning and roadmaps
• Support CNS engineering and product management teams to secure their products, solutions and services
• Provide support to Nokia incident response management teams • Coach and mentor CNS stakeholders on information and product security skill building
• Promote a culture in CNS of Zero Trust and best security practices Required Minimum Qualifications: (Education, Technical Skills/Knowledge)
• Bachelor’s degree in computer science or related degree program
• 10 years of experience in information and product security
• 5 years of experience in Telco industry
• Demonstrated experience in security testing, vulnerability testing, secure hardening testing (Wireshark, Coverity, SonarQube, Defensics, Netsparker, Tenable.sc, Anchore, NMAP, CAT Pro, OpenScap)
• Proficiency with secure code, vulnerability, hardening test tools and analysis of their reports
• Proficiency coding scripting languages (Python, PHP)
• Proficiency writing security test cases as code (Python, Gherkin)
• Experience creating security testing using ATDD, BDD frameworks (Robot, Cucumber)
• Experience with creating automated configuration verification scripts (Ansible)
• Experience providing security assurance support to engineering and product management teams
• Software development background including coding and testing
• Excellent oral and written communication skills
• Team player able to engage and collaborate with stakeholder network
• Demonstrated ability to successfully work and collaborate within global distributed teams
• Ability to enhance team learning environment with coaching and mentoring Certification/ ISC2 CISSP

Local – Rio de Janeiro