At Ericsson, you can be a game changer! Because working here isn’t just a deal. It’s a big deal. This means that you get to leverage our 140+ years of experience and the expertise of more than 95,000 diverse colleagues worldwide. As part of our team, you will help solve some of society´s most complicated challenges, enabling you to be ‘the person that did that.’ We’ve never had a greater opportunity to drive change; setting the bar for technology to be inclusive and accessible; empowering an intelligent, sustainable, and connected world.

Are you in?

Vulnerability Analysis Developers

Job Description

Date: Dec 4, 2019

Job Summary:

Customer interest and expectations on security is increasing, especially with the introduction of 5G and related services. Product security and information protection are high priorities at Ericsson. 

Do you want to help us find vulnerabilities in our products before others do?

We are now searching for Vulnerability Analysis (VA) testers to the VA section in the new Development Unit Networks’ Security organization, located in Kista, Stockholm. A plus is if you have automation competence and CI/CD development experience.

You will work in a team which is responsible for Security Risk Assessment and Vulnerability Analysis of radio network products, with focus on 5G. You will be involved in performing VA tests and penetration tests, produce VA reports, and together with the systems team, secure formal risk assessments on both feature and product levels.

The work will be a mixture of white and black box testing using common tools such as kali-suite, Nessus, fuzz-testers and craftmanship that goes along with the area.  You should be able to present your findings and propose mitigations to developers, testers and other stakeholders. 

 

Responsibilities:

  • Maintaining and preparing VA Environment – lab setup, troubleshooting, configuration changes, and new tools deployment
  • Participate in test analysis for features and products
  • VA test & reporting per feature/release for several nodes
  • Provide feedback to projects/programs (based on performed risk analysis)
  • Be part of automation activities
  • Drive continuous improvements of products and processes 
  • Be a part of team that will develop CI/CD VA machinery

Key Qualifications and Characteristics of the Candidate:

  • BSc/MSc level in a technical discipline or the equivalent level of knowledge
  • Genuine interest in software development and product & application security
  • Ability to perform test analysis, evaluate test results, and produce a verdict
  • Troubleshooting, problem solving, end-to-end thinking, value driven development mindset
  • Some experience from working with Vulnerability Analysis or Security in a mixed target environment including embedded systems, Linux and highly distributed systems.
  • Experience of programming in php/python/bash/java or similar environment
  • Knowledge sharing, presentation, collaboration, teamwork, and communication skills 
  • A plus: Understanding of automation in development processes such as DevSecOps & CI/CD is a plus
  • A plus: AIR interface experience

Knowledge / experience in the following are an advantage:

  • OSCP or applicable certification
  • Risk assessment and threat modeling methodologies and tools
  • Network security and information security standards
  • Software development skills
  • Experience from working with PEN-testing
  • Experience with CI/CD pipelines and DevSecOps

 

Are you in? 

 

Then send in your application as soon as possible. 

The process will be ongoing and we will let you know as soon as we can if you move forward. Any questions? Please email Christian.Sperling@Ericsson.com

 

Location: Stockholm.

 

Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.

Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.

Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.

 

Primary country and city: Sweden (SE) || || Stockholm || R&D

Req ID: 306426