Principal Security Specialist

'''Job Description

Principal Security Specialist-APP0000004W'''

Description Principal Security Specialist will primarily be contributing into development, implementation and maintenance of the application security program across R&D in Services. This is a hands-on position that requires someone who has had a great deal of application development and coding experience together with an understanding of application security and secure coding principles. This position will design secure products and architectures, perform architecture and secure code reviews, perform penetration testing, define secure coding standards, and strongly contribute into application security awareness programs. This role will work closely with engineering and products teams to design and implement security-related systems and functionality, including writing secure code as necessary, verification of services' launch readiness. This position would require constant monitoring and awareness of key developments in the area of web application security, evaluation of their impacts on services in production and under development. The candidate is expected to be able to work in virtual teams, identify needed/missing capabilities and contribute in application security competence development creating and maintaining security community in Services R&D. Key tasks:


 * evangelize security principles through engineering and drive adoption of best practices


 * participate in applications' design and architectural reviews actively leading the discussions from a security standpoint


 * design and implement security-related systems and functionality


 * consult R&D projects on security considerations, best practises, and patterns


 * assist in planning for and security testing for Nokia's services


 * assist in and conduct internal vulnerability assessments, pen testing, code reviews, and security audits (such as PCI reviews and/or gap analysis)


 * develop and lead training programs that will be used to train developers on secure code development practices


 * drive discovery and interpretation of security requirements


 * create all the necessary documentation that codifies the application security program: this will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints, code review methodologies etc.


 * participate as a subject matter expert in incident response when required

Qualifications Expertise/skills required:


 * MSc or higher degree in Computing Science or equivalent
 * relevant work experience in application development 10+ years


 * strong web programming background (PHP and Java preferred)


 * knowledge of web technologies and standards: HTML, Javascript, SQL, JSON, XML, XHTML, SSL/TLS, REST, SOAP, SAML, OAuth, OpenID


 * ability to read code: Ruby, Perl, Python, SQL and write programs to produce tools, test or demonstrate ideas


 * experience in secure application programming, coding life cycles and designs


 * knowledge of software and network architecture and standards


 * ability to understand business drivers and priorities, and integrate these requirements into overall security design


 * understanding of security principles, best practices architectures, tools and processes


 * ability to communicate security objectives orally and in writing to a variety of audiences


 * self-motivation with the ability to work independently and as a team member with minimal


 * direction team skills, ability to work with different people

Expertise/skills preferred:


 * relevant work experience in application security 5+ years
 * experience working with MySQL, Apache, JBoss, Tomcat, Oracle, etc.


 * understanding TCP/IP protocol family, RTP/RTSP, XMPP, SIP, PKI, IPsec, VPN


 * expertise in manual and/or automated secure code reviews


 * expertise in vulnerability assessments and lead resolutions of any security findings


 * ability to understand detailed technical procedures, projects, SDLC and Web Development Architecture, Ethical Hacking Process etc.


 * familiarity with reverse engineering techniques and tools


 * protocol inspection

Job Research & Development

Primary Location

US-Burlington

Other Locations

US-Mountain View, CA-Burnaby

Organization

Services

Schedule

Full-time

Job Level

Individual Contributor

Education Level

Bachelor's Degree (±16 years)

Job Type

Experienced

Employee Status

Regular

Travel

Yes, 25% of the time