Cyber Defense Center Security Operations & Compliancy Engineer

Job Description

Come create the technology that helps the world act together Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world. We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work. Strategy and Technology lays the path for Nokia s future technology innovation and identifies the most promising areas for Nokia to create new value. We set the company s strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia. Part of Strategy & Technology, Group Security is Nokia s central knowledge center responsible for Nokia s cyber security policies and standards, the cyber security architecture and roadmap, and the monitoring, alerting of security incidents.We partner with the Nokia Business Groups and Central Functions on product security, customer security, and interact with governments on security regulations.Together we take care of Nokia s security culture, processes, systems, products and services to position Nokia as a trusted partner for the 5G era and beyond For this position you ll be part of Group Security Cyber Defense Center working as a Security Operations and Compliance Engineer and will be interacting with Nokia s Digital Office, Business Groups, IT Operations team and other partners in the governance of security services verifying compliance of implementation to Nokia s Security Policies and collaborating with other Group Security teams on the implementation of new technologies, threat detection/monitoring and Security Strategy. Are you passionate about solving problems As part of our team, you will:

• Support the availability, integrity and security of ongoing Security Services operations
• Monitor and Assess the compliance to the Nokia Information Security Policies and govern the Security Operations both for Nokia s Onprem and Public Cloud Environments
• Define, Implement and Evaluate the maturity of the security services delivered by the different teams across Nokia organization (Digital Office, Business Groups, IT suppliers and other partners)

The Cyber Security Operations and Compliance Professional will setup a strong governance for each of the security services in his portfolio and by using the compliance, maturity assessment and other tools, identify deficiencies, determine risk level, recommend solutions and give guidance & support where it comes to execution of the security services.Above activities should be done in a cost effective and innovative way bringing value to the Business Groups / Central Functions & Digital Office teams through simplification, standardization and homogenization.The Key accountabilities for this role include:

• Ensure flawless execution of the security services provided by the delivery teams
• Definition of Services and compliance tools
• Defining relevant services status reports, including metrics and KPI and get them implemented
• Delivery of compliance reports, maturity assessments
• Gap analysis and drive delivery and implementation of improvement plans
• Governance and reporting
• Technical management of Vendors, Suppliers and IT teams in the implementation of Security Controls and Security Services
• Interface to Nokia Business Units, Nokia IT Tower leads (Connectivity, Enterprise Computing, Applications, End User Computing), Security Suppliers, Business Groups and other third parties for the Security Compliance Governance

Your skills and experience You Must have:

• Education: Master s degree in computer science or related technical field. Cybersecurity, information assurance or information security specializations are a bonus.
• English proficiency
• Experience: Minimum of 2 years of relevant professional experience required in development and/or security practices including some of domains listed hereunder:

• • Vulnerability Scanning and Assessments
    • Maintain knowledge of the threat landscape and evaluate, rate and perform risk assessments on assets
    • Knowledge of vulnerability scoring systems (CVSS/CMSS)
    • Good understanding of patching (Eg: Windows and Linux)
  • Cloud Compliance
    • Excellent knowledge of cloud architecture implementation and operations
    • Review of cloud cloud security implementations to ensure compliance with Nokia security Policies
    • Devops experience, CI/CD implementation and operation
  • Endpoint Protection
    • Application Control Operations
    • Anti-malware and anti-spam (high touch point to executives and common attack vectors).
    • HIPS
    • DLP
    • EDR
  • Network Security
    • Network Firewall and VPN
    • Proxy Management
    • NIDS/NIDP
    • Routing and LAN switching
  • Monitoring
    • Monitoring, logging & security event correlation techniques
    • Log Management
  • Server management (Wintel and UX)
  • Data analytics technologies & methodologies.
  • Advanced reporting techniques (e.g. PowerBI)
  • Knowledge on Cloud security technologies Azure, Google Cloud and Amazon is considered as very important plus
  • Experience in vendor technical management
  • Regulatory&Standards
    • Knowledge of information security regulations: PCI, GLBA, and Safe Harbor
    • Knowledge of various industry and government strategies and standards in privacy and security including ITIL, COBIT, ISO 27001, and NIST standards
  • Knowledge of current and evolving Information security technologies that cover all levels of IT architecture including those that affect business processes, data, applications, and network and systems infrastructure

It would be nice if you also have:

• • Certified Ethical Hacker EC Council (CEH)
  • Certified Computer Forensics Examiner (Access Data, SANS)
  • Certified Information Security Systems Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Systems Manager (CISM)
  • Certified in Information Systems Risk Management (CRISC)

or the ability to work toward obtaining the above certifications.Nokia offers flexible and hybrid working schemes, continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered. Nokia is committed to inclusion and is an equal opportunity employer Nokia has received the following recognitions for its commitment to inclusion & equality: - One of the World s Most Ethical Companies by Ethisphere - Gender-Equality Index by Bloomberg - Workplace Pride Global Benchmark - LGBT+ equality & best place to work by HRC Foundation At Nokia, we act inclusively and respect the uniqueness of people. Nokia s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law. We are committed to a culture of inclusion built upon our core value of respect. Join us and be part of a company where you will feel included and empowered to succeed.Additional Information,

Keyskills :
cost effectivecloud securitycomputer sciencebusiness unitsunified threat managementrisk managementcyber securitycyber defenseit operationsit architecturesecurity systemsiso 27001product security