Security Engineering Technical Auditor (775752) at Ericsson
Ericsson · Madrid, Spain · Hybrid
- Professional
- Office in Madrid
Career Opportunities: Security Engineering Technical Auditor (775752)
Join our Team
About this opportunity:
Join our team at Ericsson as a Security Engineering Policy Officer, a key role that ensures the integration and auditing of security controls within CI/CD environments and 5G products, aligned with frameworks such as NESAS, SSDF, and SCAS. You will lead security audits, identify systemic weaknesses and recommend improvements. Your goal will be to ensure consistency of BCSS Security Policy application across the portfolio, working closely with Enterprise Security, security champions across the organization, and other internal Ericsson auditing functions.
What you will do:
- Drive the implementation of Security controls into our security product processes and workflows, including in CI/CD, Cloud Native Applications and 5G, for example, through NESAS SSDF, NESAS FS.16, SCAS TS 33.xxx controls
- Drive the development environment security audits, for example, NESAS and NIST SSDF-based audits.
- Identify and solve security systemic, organizational-wide problems, influence, and build strong relationships with security champions across the organization
- Lead security technical presentations to adapt to different levels of key business and technical stakeholders
- Collaborate with senior leaders within the Business Area and Security Engineering team in audit planning, preparation and execution, and turning audit findings into development issues and/or requirements.
The skills you bring:
- At least 5 years of experience in product and/or cybersecurity audit and testing.
- Knowledge of Cyber Security and a view on how strategy can lead to change in a large organization, and the ability to take ownership of it.
- Proven track record of executing product development security audits (for example, GSMA NESAS).
- Good knowledge of telecom and security standards and best practices (e.g., ISO/IEC 27001, NIST SP-800 series, NIST Cybersecurity Framework, PCI DSS, OWASP Top 10, 3GPP SCAS, GSMA NESAS, S-SDLC, etc.).
- Good knowledge of Cyber Security and a view on how strategy can lead to change in a large organization, and feel able to take ownership of it
- Ability to cooperate with different functional areas (security, IT, legal, finance), service delivery, market areas, and customer units.
- Proven knowledge of security tools and testing methodologies.
- High communications and presentation capabilities.
- High understanding of the standardizing way of working.
- Highly developed skills of Knowledge Sharing.
Optional (You will be supported in achieving these as part of your personal development):
- Formal course certification in security and/or a track record with an accredited NESAS assessment body are not required, but are a plus.
- Experience working on DevOps workflow
- Experience with containerization/orchestration (Docker, k8S, ..) is a plus.
- Developed business insight.
- Ability to understand BCSS business offerings.
Why join Ericsson?
At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.
What happens once you apply?
Click Here to find all you need to know about what our typical hiring process looks like.
Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more.
Primary country and city: Stockholm is preferred. Paris or Madrid is possible.
Req ID: 775752
Join our Team
About this opportunity:
Join our team at Ericsson as a Security Engineering Policy Officer, a key role that ensures the integration and auditing of security controls within CI/CD environments and 5G products, aligned with frameworks such as NESAS, SSDF, and SCAS. You will lead security audits, identify systemic weaknesses and recommend improvements. Your goal will be to ensure consistency of BCSS Security Policy application across the portfolio, working closely with Enterprise Security, security champions across the organization, and other internal Ericsson auditing functions.
What you will do:
- Drive the implementation of Security controls into our security product processes and workflows, including in CI/CD, Cloud Native Applications and 5G, for example, through NESAS SSDF, NESAS FS.16, SCAS TS 33.xxx controls
- Drive the development environment security audits, for example, NESAS and NIST SSDF-based audits.
- Identify and solve security systemic, organizational-wide problems, influence, and build strong relationships with security champions across the organization
- Lead security technical presentations to adapt to different levels of key business and technical stakeholders
- Collaborate with senior leaders within the Business Area and Security Engineering team in audit planning, preparation and execution, and turning audit findings into development issues and/or requirements.
The skills you bring:
- At least 5 years of experience in product and/or cybersecurity audit and testing.
- Knowledge of Cyber Security and a view on how strategy can lead to change in a large organization, and the ability to take ownership of it.
- Proven track record of executing product development security audits (for example, GSMA NESAS).
- Good knowledge of telecom and security standards and best practices (e.g., ISO/IEC 27001, NIST SP-800 series, NIST Cybersecurity Framework, PCI DSS, OWASP Top 10, 3GPP SCAS, GSMA NESAS, S-SDLC, etc.).
- Good knowledge of Cyber Security and a view on how strategy can lead to change in a large organization, and feel able to take ownership of it
- Ability to cooperate with different functional areas (security, IT, legal, finance), service delivery, market areas, and customer units.
- Proven knowledge of security tools and testing methodologies.
- High communications and presentation capabilities.
- High understanding of the standardizing way of working.
- Highly developed skills of Knowledge Sharing.
Optional (You will be supported in achieving these as part of your personal development):
- Formal course certification in security and/or a track record with an accredited NESAS assessment body are not required, but are a plus.
- Experience working on DevOps workflow
- Experience with containerization/orchestration (Docker, k8S, ..) is a plus.
- Developed business insight.
- Ability to understand BCSS business offerings.
Why join Ericsson?
At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next.
What happens once you apply?
Click Here to find all you need to know about what our typical hiring process looks like.
Encouraging a diverse and inclusive organization is core to our values at Ericsson, that's why we champion it in everything we do. We truly believe that by collaborating with people with different experiences we drive innovation, which is essential for our future growth. We encourage people from all backgrounds to apply and realize their full potential as part of our Ericsson team. Ericsson is proud to be an Equal Opportunity Employer. learn more.
Primary country and city: Stockholm is preferred. Paris or Madrid is possible.
Req ID: 775752
