Customer interest and expectations on security is increasing, especially with the introduction of 5G and related services. Product security and information protection are high priorities at Ericsson.
Do you want to help us find vulnerabilities in our products before others do?
We are now searching for Vulnerability Analysis (VA) testers to the VA section in the new Development Unit Networks’ Security organization, located in Kista, Stockholm. A plus is if you have automation competence and CI/CD development experience.
You will work in a team which is responsible for Security Risk Assessment and Vulnerability Analysis of radio network products, with focus on 5G. You will be involved in performing VA tests and penetration tests, produce VA reports, and together with the systems team, secure formal risk assessments on both feature and product levels.
The work will be a mixture of white and black box testing using common tools such as kali-suite, Nessus, fuzz-testers and craftmanship that goes along with the area. You should be able to present your findings and propose mitigations to developers, testers and other stakeholders.
- Maintaining and preparing VA Environment – lab setup, troubleshooting, configuration changes, and new tools deployment
- Participate in test analysis for features and products
- VA test & reporting per feature/release for several nodes
- Provide feedback to projects/programs (based on performed risk analysis)
- Be part of automation activities
- Drive continuous improvements of products and processes
- Be a part of team that will develop CI/CD VA machinery
Key Qualifications and Characteristics of the Candidate:
- BSc/MSc level in a technical discipline or the equivalent level of knowledge
- Genuine interest in software development and product & application security
- Ability to perform test analysis, evaluate test results, and produce a verdict
- Troubleshooting, problem solving, end-to-end thinking, value driven development mindset
- Some experience from working with Vulnerability Analysis or Security in a mixed target environment including embedded systems, Linux and highly distributed systems.
- Experience of programming in php/python/bash/java or similar environment
- Knowledge sharing, presentation, collaboration, teamwork, and communication skills
- A plus: Understanding of automation in development processes such as DevSecOps & CI/CD is a plus
- A plus: AIR interface experience
Knowledge / experience in the following are an advantage:
- OSCP or applicable certification
- Risk assessment and threat modeling methodologies and tools
- Network security and information security standards
- Software development skills
- Experience from working with PEN-testing
- Experience with CI/CD pipelines and DevSecOps
Are you in?
Then send in your application as soon as possible.
The process will be ongoing and we will let you know as soon as we can if you move forward. Any questions? Please email Christian.Sperling@Ericsson.com
Ericsson provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetics.
Ericsson complies with applicable country, state and all local laws governing nondiscrimination in employment in every location across the world in which the company has facilities. In addition, Ericsson supports the UN Guiding Principles for Business and Human Rights and the United Nations Global Compact.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, training and development.
Ericsson expressly prohibits any form of workplace harassment based on race, color, religion, sex, sexual orientation, marital status, pregnancy, parental status, national origin, ethnic background, age, disability, political opinion, social status, veteran status, union membership or genetic information.
Primary country and city: Sweden (SE) || || Stockholm || R&D
Req ID: 306426