At Ericsson, you can be a game changer! Because working here isn’t just a deal. It’s a big deal. This means that you get to leverage our 140+ years of experience and the expertise of more than 95,000 diverse colleagues worldwide. As part of our team, you will help solve some of society´s most complicated challenges, enabling you to be ‘the person that did that.’ We’ve never had a greater opportunity to drive change; setting the bar for technology to be inclusive and accessible; empowering an intelligent, sustainable, and connected world.

Are you in?

Security Process Manager/ IT Security Specialist

Job Description

Date: Dec 3, 2019

Job Summary:-

 

We are looking for Security Process Manager/ IT Security Specialist. Below is the brief JD.

 

Brief Job Description

  • Skilled Information Security professional who can perform security assessment in service delivery, Product Security during development and handling end to end Information security delivery
  • Will need to perform penetration testing and vulnerability assessments, Application Security assessment, Risk assessment
  • Security, risk and/or vulnerability assessments and compliance
  • Security operations, management, monitoring, processes and tools
  • Cloud and virtualization security & Data privacy considerations and assessments
  • Capabilities to manage security requirements, design solutions with compliance to security, conduct security tests, security architecture, design, and optimization
  • Document constraints and rationale, provide traceability between security risks and functions to support business justification
  • Track closure of identified gaps and report compliance periodically
  • Collaborate with customer and domain specific-subject matter experts to align the solution with unique customer situation and capabilities
  • Awareness of incident management, perimeter security industry including market leaders and key business drivers
  • Review and propose updates to the Information Security Requirements based on risk and security assessments
  • Perform periodic review of baseline security standard for the operating systems and network devices
  • Maintain the personnel’s awareness of up-to-date security policies and procedures
  • Test the security control effectiveness and identify gaps (if any) & Assist in security exception handling process

 

Experience and Qualification

  • At least 8 to 10 years’ experience in professional services (providing consulting for end clients)
  • At least 6-8 years’ experience in Information Security Consulting, Security Governance, Risk, and Compliance (GRC)
  • At least 5 years’ experience in Technology Risk, IT and/or Information Security and Risk and IT Security Architecture
  • Security certifications e.g., CISSP, CCIE, CHFI, OSCP, CEH, ITIL
  • Risk Assessment and threat modeling methodologies and tools
  • Telco-specific test tools and knowledge
  • Demonstrate knowledge in other technical areas such as networks, firewalls, IDS/IPS, endpoint infrastructure security technologies, SIEM, etc.
  • Experience in product-based consulting, architecture, and implementation and IoT security and related knowledge will be added advantage
  • Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks, also with available security control (technical & process control) for respective layers
  • Fair understanding of Mobile Network Architecture (3G, 4G & 5G), Elements and Functionality; expertise in at least one of RAN, Core or Management/Operations domains preferable
  • Strong technical experience and skills in some of the following areas:
  • Secure Coding practices
  • Network Security and Security Architecture
  • Information security standards
  • Cloud Architecture, Cloud Security & OSS/IT security
  • Application Security SAST and DAST
  • Personal integrity, data retention legislation, e.g. EU 95/46/EG, GDPR, Privacy regulation
  • IP networks, Operating Systems, and Databases
  • Penetration testing and vulnerability assessments, Application Security
  • Scripting and automation
  • Expertise in the solution of PKI, Cryptography solutions
  • Information Security by design and Privacy by the principle
  • network security technology, ISO/IEC/ITIL-based assessments
  • experience in using 2700x, COBIT, NIST-800 series, X.805, ANSI, IETF, ITU-T & 3GPP, ETSI
  • understanding of ISMS (Information Security Management System), ISO 27001 standard and prior experience of conducting IT audits