Job Research & Development
Primary Location US-Burlington
Organization Horizontal Units
Job Level Individual Contributor
Education Level Bachelor's Degree (±16 years)
Job Type Experienced
Employee Status Regular
Security Architect / Senior Specialist will primarily be contributing into development, implementation and maintenance of the application security program across R&D in Services. This is a hands-on position that requires someone who has had a great deal of application development and coding experience together with an understanding of application security and secure coding principles. This position will design secure products and architectures, perform architecture and secure code reviews, perform penetration testing, define secure coding standards, and strongly contribute into application security awareness programs.
This role will work closely with engineering and products teams to design and implement security-related systems and functionality, including writing secure code as necessary, verification of services' launch readiness. This position would require constant monitoring and awareness of key developments in the area of web application security, evaluation of their impacts on services in production and under development. The candidate is expected to be able to work in virtual teams, identify needed/missing capabilities and contribute in application security competence development creating and maintaining security community in S R&D.
- evangelize security principles through engineering and drive adoption of best practices
- participate in applications' design and architectural reviews actively leading the discussions from a security standpoint
- design and implement security-related systems and functionality
- consult R&D projects on security considerations, best practises, and patterns
- assist in planning for and security testing for Nokia's services
- assist in and conduct internal vulnerability assessments, pen testing, code reviews, and security audits (such as PCI reviews and/or gap analysis)
- develop and lead training programs that will be used to train developers on secure code development practices
- drive discovery and interpretation of security requirements
- create all the necessary documentation that codifies the application security program: this will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints, code review methodologies etc.
- participate as a subject matter expert in incident response when required