Job Description

Join us in creating the technology that helps the world act together

We are a B2B technology innovation leader pioneering the future where networks meet cloud. At Nokia you will have a positive impact on people’s lives and help build the capabilities needed for a more productive, sustainable, and accessible world.

Be part of a culture built on an inclusive way of working where we are open to your ideas, you are empowered to take risks and are encouraged to be fearless in bringing your authentic self to work.

The team you'll be part of

Strategy and Technology lays the path for Nokia’s future technology innovation and identifies the most promising areas for Nokia to create new value. We set the company’s strategy and technology vision, offer an unparalleled research foundation for innovation, and provide critical support infrastructure for Nokia.

Part of Strategy & Technology, Group Security (GS) is Nokia’s central knowledge center responsible for Nokia’s cyber security policies and standards, the cyber security architecture and roadmap, and the monitoring and alerting of security incidents.

We partner with the Nokia Business Groups and Central Functions on product security, customer security, and interact with governments on security regulations.

Together we take care of Nokia’s security culture, processes, systems, products and services to position Nokia as a trusted partner for the 5G era and beyond.

The Cyber Security Defense Center (CDC) is looking for a Threat Intelligence and Threat Hunting Security Professional taking up responsibilities in the CDC Engineering and Threat Hunting Team.

How You Will Contribute And What You Will Learn

What you will learn and contribute to

Nokia’s CDC has established a ‘Threat Intelligence & Threat Hunting Capability’. This consists of 3 main activities: ‘Threat Intelligence’ – ‘Threat Modeling’ – ‘Threat Hunting’.

The focus of ‘Threat Intelligence’ is on gathering information on threats that may affect Nokia when executed. A timely understanding of these threats allows us to validate whether the existing security measures are effective or need to be updated or introduced. To make this happen, the gathered intelligence needs to be evaluated and the relative priorities established, as it is not feasible (nor sustainable) to focus on every reported threat. The prioritization of threats and the translation of the info into threat models is taken care of by ‘Threat Modeling’.

Finally, to validate whether additional security measures need to be taken, it is up to the ‘Threat Hunting’ team to perform the necessary validations (i.e., standalone or in collaboration with other parties such as the Computer Emergency Response Team) and to provide insights on the observations made.

In the remainder of this document, the profile we’re looking for will be referenced as ‘TI & TH-professional’.

  • The TI & TH-professional is capable of addressing the challenges regarding the management of Threat Intelligence information (aka TI info), i.e. establishing effective lifecycle management and incrementally improving the value add of the available threat intel through the (auto-)enrichment of security event data. The activities in scope of the TI activities include (non-exhaustive view):
  • Identification of relevant TI-feeds in support of stakeholders’ needs
  • Support (auto-)enrichment of event information through the ingestion of TI information in our TI platform (MISP)
  • Support the establishment of an effective TI reporting mechanism
  • Look for options to improve the ‘value add’ of the available intel

Information available through the TI-capability pillars ‘Threat Intelligence’ & ‘Threat Modeling’ is used to identify the potential threats and prioritize these for evaluation through a dedicated hunt. To streamline the activities in support of defined hunts, the hunt team takes a process-based approach, leveraging the PEAK-model.

The focus of ‘Threat Hunting’ is on investigating a defined threat hypothesis and hunting for information that will (dis)prove the hypothesis. The outcome of the hunt is used to inform the relevant team stakeholders and to propose improvements to existing detection rules or define new ones.

  • The ‘TI & TH-professional’ will actively support the execution of defined hunts and diligently carry out the full lifecycle, i.e. from hypothesis definition up to documenting findings and sharing the insights with stakeholders. The activities in scope include (non-exhaustive view):
  • Digest the information made available through the TI- and TM-activities
  • Propose topics for new hunts, considering the priorities associated with specific TTPs
  • Prepare the execution of hunts, including a validati
