The Cyber Security Defense Center (CDC) is looking for an Application Security Professional taking up responsibilities in the Operations and Compliance Team.

What you will learn and contribute to
The CDC OC Application Security team mission is to ensure identification and manage inventory of critical assets and executing the required assessments to ensure Confidentiality, Integrity and Availability on Nokia Applications.

In this context, Nokia’s CDC OC team has established a program for Application Security Compliance verification. The Application Security Professional will be active contributor to implement this program, engaging with the Nokia Application Owners, Business Groups partners and other stakeholders with the goal of ensuring that Nokia’s applications are implemented and operated according to the relevant security and privacy requirements.

The Application Security Professional shall also be capable of addressing the challenges regarding the management of Application Security for a large organisation as Nokia, contributing for with the creation, continuous enhancements, and execution of the program and Governance.

The ‘Application Security Professional is required to have the following Key Competencies:

Experience of Security Controls and techniques, including Authentication, authorization, encryption, logging, and application security testing, etc. Experience of security risk management and cybersecurity domain. Experience in Enterprise Architecture and Data Governance practices Knowledge of common information security management framework and standards Aware of IT policy, SOX, NSA, GDPR, ISO 27001, Data Privacy requirements. Knowledge and understanding of relevant legal and regulatory requirements. Familiar with Public Cloud, Cloud-based and AI applications, and deployment models Strong Gap Analysis & Security Audit Skills. Knowledge of application security including OWASP. 

In the overview below, a series of requirements or expectations are listed. This overview is not to be considered as a need-to-have for all but, in the case a particular expectation cannot be met, it is expected that the applicant is aspiring to (eventually) fulfill the expectation

BSc or MSc (preferred) degree in computer science or related technical field. Have +7 years of experience in cyber security (or equivalent by education and/or interest); Having practical/hands-on experience on Application Security or as a Security Architect. Experience with GRC and ITSM tools and processes. Be able to work in a standalone way with a minimum of guidance and oversight. Be fluent in English (oral and written) and engage with discussions with other stakeholders in the organisation.
 

As a daily mission, the Application Security Professional will:

Initiate and follow with Application Owners the defined processes for: Data Classification. Application Security Compliance Questionnaires. Ensure correct inventory of applications is maintained and the respective data classification. Launch and review E2E execution of Program processes. Review evidence and results from Application Security Compliance Questionnaires. Ensure that Data Classification is properly identified and associated with respective assets. Tracking the findings/non-compliances and follow up remediation's with the respective Application Owners with the objective of ensure compliance to the relevant Nokia’s security policies and operational process for the application domain. Support the overall Governance with IT and Business Groups stakeholders Reporting the overall Application Security Domain status to All the relevant stakeholders including management and Business Group Security partners.