At Ericsson, you can be a game changer! Because working here isn’t just a deal. It’s a big deal. This means that you get to leverage our 140+ years of experience and the expertise of more than 95,000 diverse colleagues worldwide. As part of our team, you will help solve some of society´s most complicated challenges, enabling you to be ‘the person that did that.’ We’ve never had a greater opportunity to drive change; setting the bar for technology to be inclusive and accessible; empowering an intelligent, sustainable, and connected world.

Are you in?

Cloud Security Engineer

Job Description

Date: Nov 14, 2019

Ericsson enables communications service providers to capture the full value of connectivity. The company’s portfolio spans Networks, Digital Services, Managed Services, and Emerging Business and is designed to help our customers go digital, increase efficiency, find new revenue streams, and create new user experiences. Ericsson’s investments in innovation have delivered the benefits of telephony and mobile broadband to billions of people around the world ensuring our solutions – and our customers – are at the forefront of innovation.   We support networks that connect more than 2.5 billion subscribers. With over 90,000 employees and customers in 180 countries, we combine global scale with technology and service leadership.  40 percent of the world’s mobile traffic is carried over an Ericsson network.  And, our Technology for Good and Connect to Learn programs include creating technology that makes it easier to save lives, feed societies, bring technology to emerging markets and connectivity to remote areas, and grow businesses and prosperity.

 

At Ericsson, we give our employees the freedom to think big and navigate their career, on a global scale.  We create technology that helps others, from helping people enjoy their favourite content to helping people recover from natural disasters by enabling better communications between rescue workers. Your ideas and innovations can turn into achievements that impact society and change the world, creating new connections, new possibilities, and new capabilities.  We find that Ericsson is at its best when we bring together the diverse skills of our people. Working across business areas, across cultures, across geographical borders, across technical disciplines. More often than not, across ground-breaking solutions. Next generation technology can be staggeringly complex. But the simpler it is to use; the more people benefit from it. Join us and help build technology that makes it simple to connect with information, business, societies, and each other. 

 

Job Summary:

 

We are looking for a senior security professional who can lead the security focus within our Software Development and Integration Unit under the IoT Portfolio. As a security spoc, you will be responsible for aiding the organization’s goals towards security by being the expert in security domain and guiding the development teams in  delivering secure products. Your role will include conducting Risk assessments, ensuring compliance to security standards, reviewing secure design practices, guiding vulnerability analysis, threat modelling and take part in security audits and ensure security posture of the product being developed. Apart from the governance aspects, you will be responsible for providing proposals and architect and develop solutions for security.

 

Responsibilities:

  • Play the role of security champion, Act as the "voice" of security for the given product or team.
  • Keep up to date with the latest security and technology developments
  • Research/evaluate emerging cyber security threats and ways to manage them
  • Assist in making security decisions for the team
  • Test and evaluate security products
  • Identify potential weaknesses and implement measures, such as firewalls and encryption
  • investigate security alerts and provide incident response
  • Liaise with stakeholders in relation to cyber security issues and provide future recommendations
  • Generate reports for both technical and non-technical staff and stakeholders
  • Maintain an information security risk register and assist with internal and external audits relating to information security
  • Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
  • Guide and Perform Vulnerability analysis and take corrective proactive actions.
  • Establish and champion Secure design practices.
  • Build security culture and liaise with other security champions to build a strong forum that inculcates security seamlessly as part of product development.
  • Guide and Execute security processes like Risk assessment, Vulnerability analysis, Secure coding, Secure Design rules, Privacy Impact assessment, Privacy design practices, GDPR compliance etc
  • Implement security related solutions
  • Provide design proposals and take part in architectural decisions for the product in security dimension.

 

 Key Qualifications:

 

  • Between 7 years to 12 years of IT experience
  • Minimum 2-3 years of experience in Security domain
  • Strong Linux background
  • Experience with either device security concepts or cloud security concepts
  • Knowledge in anyone of the Cloud Technologies (K8s, RH Openshift, Openstack).
  • Experience of working in Agile SW development teams
  • Planning and organizing software development work
  • Strong interpersonal skills
  • Familiarity with computer security principles and practices
  • Experience finding ways to enable other engineers to create more secure products by default without requiring security expertise
  • Ability to define short- and long-term technical goals
  • Experience on threat modeling and vulnerability management
  • Experience with Python or Java
  • Experience advocating for technical security solutions across functional domains
  • Experience applying fundamental security concepts to systems
  • Experience with either device security concepts or cloud security concepts
  • Excellent business writing, presentation and communication skills
  • Web security background - Experience in implementing different security solutions
  • Experience on Vulnerability Scanning, Visibility Scanning, Web Application Scanning, Protocol Robustness Testing, DoS Testing
  • Certifications such as CCIE, CCSP, CEH, GWAPT, OSCP or CISSP beneficial
  • Creativity, enthusiasm, and innovation
  • Self-motivated, independent, and able to understand complex systems
  • Help with development of CI (Continuous Integration) environments

 

Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics. Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development. Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.