Application Security Professional
Portugal
Come create the technology that helps the world act together
Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work.
The team you’ll be part of
Strategy and Technology lays the path for Nokia’s future technology innovation and identifies the most promising areas for Nokia to create new value. We set the company’s strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia.
Part of Strategy & Technology, Group Security (GS) is Nokia’s central knowledge center responsible for Nokia’s cyber security policies and standards, the cyber security architecture and roadmap, and the monitoring, alerting of security incidents.
We partner with the Nokia Business Groups and Central Functions on product security, customer security, and interact with governments on security regulations.
Together we take care of Nokia’s security culture, processes, systems, products and services to position Nokia as a trusted partner for the 5G era and beyond.
The Cyber Security Defense Center (CDC) is looking for an Application Security Professional taking up responsibilities in the CDC Operations and Compliance Team.
What you will learn and contribute to
CDC Operations and Compliance (OC) team the mission of governing the Security Operations of Nokia’s IT environments. In this context, Nokia’s CDC OC team has established a program for Application Security Compliancy verification. The Application Security Professional will and active contributor to implement this program, engaging with the Nokia Application Owners, Business Group partners and other stakeholders with the goal to ensure that Nokia’s applications are implemented and operated according to the relevant security and privacy requirements.
The Application Security Professional’ s shall also be capable of addressing the challenges regarding the management Application Security for a large organization as Nokia, contributing for with the creation, continuous enhancements, and execution of the Application Security Governance program.
As daily mission, the Application Security Professional will:
- Initiate and follow with Application Owners the defined processes for:
- Data Classification.
- Application Security Compliance Questionnaires;
- Ensure correct inventory of applications and the respective data classification;
- Launch and Analyze Vulnerability Scans and propose remediation actions with the Service Owners and other stakeholders;
- Review evidences and results from Application Security Compliance Questionnaires;
- Tracking the findings and follow up remediation with the respective Service Owners with the objective of ensure compliance to the relevant Nokia’s security policies and operational process for the application domain;
- Assess the risk/ non-compliances related to OS, Database & Application Security & propose compensatory controls wherever possible;
- Reporting the overall Application Security Domain status to All the relevant stakeholders including management and Business Group Security partners.
The ‘Application Security Professional’ is required to have the following Key Competencies:
- Knowledge of application security including OWASP;
- Knowledge of Security Controls and techniques, including Authentication, authorization, encryption, logging, and application security testing, etc.;
- Knowledge of security risk management and cybersecurity;
- Knowledge of common information security management frameworks;
- Knowledge and understanding of relevant legal and regulatory requirements;
- Familiar with Public Cloud, and cloud-based applications and deployment models;
- Aware of IT policy, SOX, NSA, GDPR, ISO 27001, Data Privacy requirements;
- Strong Gap Analysis & Security Audit Skills.
In the overview below, a series of requirements or expectations are listed. This overview is not to be considered as a need-to-have for all but, in the case a particular expectation cannot be met, it is expected that the applicant is aspiring to (eventually) fulfill the expectation.
- BSc or MSc (preferred) degree in computer science or related technical field;
- Have +3 years of experience in cyber security (or equivalent by education and/or interest);
- Having practical/hands-on experience Application Security either as a Developer or as a Security Analyst;
- Be able to work in a standalone way with a minimum of guidance and oversight;
- Be fluent in English (oral and written)
Come create the technology that helps the world act together
Nokia is committed to innovation and technology leadership across mobile, fixed and cloud networks. Your career here will have a positive impact on people’s lives and will help us build the capabilities needed for a more productive, sustainable, and inclusive world.
We challenge ourselves to create an inclusive way of working where we are open to new ideas, empowered to take risks and fearless to bring our authentic selves to work
What we offer
Nokia offers continuous learning opportunities, well-being programs to support you mentally and physically, opportunities to join and get supported by employee resource groups, mentoring programs and highly diverse teams with an inclusive culture where people thrive and are empowered.
Nokia is committed to inclusion and is an equal opportunity employer
Nokia has received the following recognitions for its commitment to inclusion & equality:
- One of the World’s Most Ethical Companies by Ethisphere
- Gender-Equality Index by Bloomberg
- Workplace Pride Global Benchmark
At Nokia, we act inclusively and respect the uniqueness of people. Nokia’s employment decisions are made regardless of race, color, national or ethnic origin, religion, gender, sexual orientation, gender identity or expression, age, marital status, disability, protected veteran status or other characteristics protected by law.
We are committed to a culture of inclusion built upon our core value of respect.
Join us and be part of a company where you will feel included and empowered to succeed.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Cloud Compliance Computer Science Encryption GDPR Governance ISO 27001 Monitoring OWASP Privacy Product security Risk management SOX Strategy Vulnerability scans
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Security Operations Engineer jobs
- Open Cloud Security Architect jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Senior Product Security Engineer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Cybersecurity Consultant jobs
- Open Senior Network Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Security Consultant jobs
- Open Security Operations Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open IT Security Analyst jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DoD-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Java-related jobs
- Open TS/SCI-related jobs