As an Information Security Officer you will be expected to provide cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks. Additionally, you will be expected to assist in the development of cyber security requirements, conduct security risk assessments, evaluate security services and technologies, and review and document information security policies and procedures as well as provides monitor and provide oversight for alerts in this environment. You will work with Product Owners and Strategic Product Management to ensure the correct focus on delivering secure solutions with the wanted business outcomes. You are expected to work, co-operate, and communicate in an international environment, both with colleagues internally as well as customers and suppliers to Ericsson. The role requires you to take initiative and it is important that you deliver customer value autonomously.
Candidate should have strong experience on customer facing projects and work with high motivation to contribute to Knowledge Sharing, Innovation and New Business Generation process. Candidate should have specialist skills on how to provide security for cloud-based digital platforms and how to protect an organization's data.
• University degree in ICT/Engineering (Bachelor or above)
Being part of PDG A4 means you have and maintain high technical knowledge. You share your knowledge and make a key contribution in selected customer engagements. The teams mission is to execute the Ericsson strategy with feature development and support, presales, customer onboarding and operations. PDG A4 is the vanguard in leveraging the Cloud in the SaaS space. You maintain an excellent network that enables you to perform at the highest level. As PDG A4 is working at the cutting edge, this will provide you with an opportunity and challenge to work with new and emerging technology, continually enhancing your skills while working on projects that are always a top business priority.
Responsibilities for this role include (but are not limited to):
• Manage the day to day security, risk and compliance for ‘aaS’ offerings.
• Ensure adherence to the Ericsson operational compliance program called ESEP (Ericsson Security Execution Compliance).
• Define a systematic way of working with risk for ‘aaS’ offerings.
• Work with the PDU, SOC and NOC to identify security weaknesses.
• Security LCM for ‘aaS’ customers.
• Overall risk awareness and ownership for the ‘aaS’ Product offerings.
• Identify and manage threat alerts and vulnerability threats.
• Drive the security ‘hardening’ agenda for ‘aaS’ offerings.
• Manage communication with ‘aaS’ stakeholders.
• Help manage the risk management program for ‘aaS’ offerings working with SME’s, engineers etc.
• Continually strive for excellence and quality with a customer first focus.
• Emphasize team wins over individual success.
• Coach and mentor the team to continually improve performance.
• Serve as the subject matter expert (SME) on Cloud Security.
• Develop standards, policies and procedures as well as best practices documentation.
• Propose and/or design technical solutions, which include creating prototypes and proofs of concept while maintaining a security mindset.
• Lead and influence multi-disciplinary teams in implementing and operating Cyber Security controls.
• Work closely with application developers and database administrators to deliver creative solutions to complex technology contests and business requirements.
• Provide Info security architecture & systems engineering consulting to IT teams.
• Automate security controls, data and processes to provide better metrics and operational support.
• Utilize cloud-based APIs when appropriate to write network/system level tools for securing cloud environments.
• Stay current on emerging security threats, vulnerabilities and controls.
• Identify and Implement new security technologies and best practices into Ericsson Cloud offerings.
• Evaluate new technologies against established requirements and validate the security of the technology.
• Identify new security threats by conducting continual monitoring, penetration testing, vulnerability assessments and log analysis.
• Entrepreneurial and result motivated; makes sure set targets are met.
• Interest in exploring new programming paradigms, languages, and pattern.
• Passion for growing your skills, tackling interesting work and challenging problems.
• High willingness and ability to share knowledge and experience.
• Strong cultural awareness and excellent language, social and interpersonal skills to enable communication throughout the organization.
• Strong diagnostic and problem-solving skill to resolve challenging issues autonomously or in a team environment.
• Strong design skills, able to present ideas and implement designs to meet the needs of customers.
• Experience working directly with clients, leading projects, and mentoring engineers.
• Compliance and/or audit background is a plus, as is having the ability and expertise to collect, document and disseminate information.
• Although this is not a ‘Hands on Technical’ role, the individual concerned is expected to have the technical experience, expertise and know how to implement and drive security related technical solutions and strategy.
Technical Skills – Cloud & Security
• Minimum of 5-7 years of IT Security and/or security engineering experience.
• 5-7 years related experience in Computer Security, with proven focus on Cloud Security. Clear passion for cloud Security and Cloud technologies.
• Demonstrable background in security products and technologies, security engineering, networking protocols, security analysis, network and endpoint forensics, and investigations.
• Expert level understanding of the cyber kill chain, pervasive threat attack methods, and remediation.
• Familiar with public cloud architectures & operating models. Must have familiarity with cloud resources & log formats (i.e. cloud trail logs).
• Ability to script or program repeatable security monitoring and investigation tasks.
• Ability to evaluate network packets and log data.
• Strong knowledge about network protocols, certifications in the area such as CCNA, is preferred.
• Knowledge about multiple operating systems across Windows and Unix domain.
• Experience in designing and implementing security standards, specifications and procedures.
• Knowledge of network and web related protocols. (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Skilled in discussing complex security issues in understandable business terms.
• Very detailed knowledge of system security vulnerabilities and remediation techniques.
• Relevant IT security certifications including CISSP, CISM, CRISC, CEH or SANS certs are expected.
• Experience working with private and public clouds especially Amazon Web Services, Rackspace, Azure, VMware etc.
Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.
Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.
Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.
Primary country and city: Ireland (IE) || Athlone || R&D