Penetration Tester for Security Red Team - Ericsson Digital Services Security Center

Job Description

Date: May 6, 2019

 

The future will look very different and the future starts today. We are re-inventing the service provider experience and intend to accelerate the latest innovations seen in both mobile and cloud.

 

Ericsson Digital Services does this by delivering best in class solutions and platforms with leading technologies, built and delivered by the best people. Now we’re taking the next step, leveraging web scale with an iconic user experience for our customers and their customers, and therefore be the partner of choice for service providers. Ericsson Digital Services provides solutions and platforms in OSS, BSS, Telecom Core, Communication Services and Cloud Infrastructure – leveraging cloud and automation technology.

 

Security is a rapidly changing field with activities ranging from advanced penetration testing to strategic governmental and industry relations within the cyber security domain. Digital Services Security Center consist of highly motivated specialist and leaders in various disciplines. The unit works across the Digital Services portfolio and interacts with a very mixed audience, ranging from senior customer engagements to explaining & educating designers, testers & deployment personnel. The portfolio is an advanced mixture of systems ranging from dedicated hardware to advanced microservices architecture running on distributed containerized infrastructure in hybrid clouds.

 

We currently have a vacancy for Penetration Tester for Security Red Team, a member of Digital Services Security Center. DGS requires a highly skilled security PEN-tester with the ability to verify the security posture in our products. The work will be a mixture of white and black box testing using tools of the trade including common tools such as kali-suite, Nessus, fuzz-testers and craftmanship that goes along with the area.  Ability to developing new tools, methodology and addons for proprietary telecom targets, and tool development needed for efficient operation. You should be able to present your findings and propose mitigations to developers, testers and other stakeholders.  You should be able to develop CTF exercises and training material needed to mitigate the findings. You will be part of a Red team and are expected to be able to work in a team collaborative environment

 

Qualifications and Experience

  • At least 5-7 years’ experience from working with PEN-testing and vulnerability analysis in a mixed target environment including embedded systems, Linux and highly distributed systems.
  • Deep technical competence in relevant tools & methodologies
  • Track record working with structured VA testing using common tools
  • Experience from Public/Large scale presentations in front of audience
  • CTF development and execution
  • Certifications OSCE/OSCP/CEH or equivalent experience.
  • Proven significant experience programming in php/python/java & SQL or similar environment for proof of concepts and automation of activities
  • A plus if you have proven Digital Services domain competence (Products & Services) and/or experience/knowledge from Ericsson Product Security governance (i.e. AoR, SRM, BSR, SDR, etc.)
  • A plus if you are an Ericsson Certified Security Associate

 

Behavior Competencies

  • Strong Result orientation and drive
  • Strong relationship and networking skills
  • Self-motivated, able to influence others
  • Excellent presentation skills and ability to convey key messages and customer value
  • Strong ability to lead, inspire and motivate
  • Strong ability to work structured with large datasets of mixed origin.

 

If you have any questions, please contact Anders Rosengren, Head of Architecture & Technology or Carl Berg, HR Business Partner

 

Location: Kista

Regular employment

 

Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.

Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.

Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.

 

Primary country and city: Sweden (SE) || || Stockholm || IT

Req ID: 278714