Infrastructure Security Engineer

at  Ericsson

YOU WILL BRING

We are looking for candidates to be able to demonstrate:

• Security accreditations or demonstrated equivalent experience: SSCP or other certification (CCSA, CEH, CISM).

o SSCP = Systems Security Certified Practitioner (with ISC2 they do CISSP too)
o CCSA = CheckPoint Certified Security Administrator
o CEH = Certified Ethical Hacker

o CISM = Certified Information Security Manager

• Good working knowledge of security and compliance standards, including ISO27001, and experience implementing security in such an environment.
• Significant hands-on experience of Infrastructure, with an ability to troubleshoot & resolve issues in a complex networking environment (requires a good understanding of IP Networking)
• Experience of effective knowledge transfer and rigorous solution documentation for complex designs and solutions, in English. It is essential to have a very high standard of written and spoken English, and beneficial to have experience of French or Dutch.
• Experience of native AWS capabilities, including a detailed knowledge & understanding of AWS IAM & other security-related policies, and
• how to deploy and manage security solutions and

Beneficial Experience

Additionally, any of the following experience would be beneficial:

• Expertise across a variety of security products including firewalls, URL filtering, information security and virus protection. Experience with Juniper SRX, Cisco ACI and Firepower, CheckPoint, Nessus Vulnerability Scanning, CrowdStrike Falcon Agent and Elastik is desirable.
• Experience in the design and review of specifications for interfaces, system enhancements, security roles and reports.
• Hands on experience in configuration of IDS/IPS.
• Direct experience with Scripting & Security Automation.
• Experience working with or maintaining CICD platforms and tools (Ansible, Puppet, Jenkins);
• Experience/knowledge of the project lifecycle.
• Experience of Senior Management liaison and of presenting information of a complex technical nature to a variety of audiences.
• Experience assisting in identifying and implementing test scenarios to validate security.

WHAT YOU WILL DO

Security Engineers have responsibility to implement Red Bee security policy on a range of systems designed by Solution Architects.

As part of the role, you will be required to:

• Ensure new and existing Infrastructure delivery projects adhere to cyber security policy and have established ongoing methods to track compliance. You’ll need to:
• Understand complex technical environments and dependencies and issues, managing them within a fast-paced business environment
• Design, Document and implement security within Low Level Designs & Configurations
• Work within the ISMS processes and keep abreast of security initiatives. You’ll need to:
• Develop effective ways of working with colleagues across Red Bee, ensuring security is a central component of solution handover into Operations
• Provide training/coaching the technology design, implementation and support teams regarding security policies, processes, procedures, best practices, awareness, etc
• Keep abreast with the latest vulnerabilities, attacks, and security tools to stay current with security trends and risks.
• Keep abreast of Red Bee Media and Ericsson security processes and share knowledge with colleagues locally.
• Assist with the completion of security risk assessments (including internal/external reviews for ISMS & ISO27001 compliance), resolving any non-conformities and mitigating any risks identified
• Assist Infrastructure Architects and Implementation Engineers ensure solutions are compliant and uphold Red Bee’s ISO27001 accreditation. You’ll need to:
• Cater for Vulnerability Management, exploit classification & remediation planning
• Cater for Pen testing & remediation work prior to solution handover
• Cater for AV/malware threat detection mechanisms
• Cater for Backup and Restore implementation
• Improve Way of Working (WoW) between SecOps & InfraOps teams
• Identify & implement new ways to automate & improve information security across the business.
• Contribute to AWS security implementation, including custom IAM policies, security groups, NACLs, and S3 bucket policy(ies).

Join Ericsson as an IT Security Professional, a pivotal role fundamental to safeguarding our information assets across the IT environment. This position involves providing IT security operations, expertise, support and solutions, grounded on the IT Security Requirement. The successful candidate will enable compliance, adhering to applicable internal / external requirements, laws, regulations, and standards.What you will do:

• Facilitate the implementation of security requirements in the business framework.
• Oversee and assure the execution of IT Security initiatives across Ericsson and measure security posture and risk appetite.
• Certify IT solutions for security and enforce policies.
• Engage in the development and implementation of IT Security strategy across Ericsson’s IT infrastructure.
• Manage IT Security Incident responses and promote IT Security knowledge growth through training initiatives across Ericsson IT.
• Maintenance and evolution of standardized security frameworks (ISMS, ISO 27001, NIST, BCM, etc.) and deliver security services to stakeholders.
• Organize internal and external IT Security audits or assessments while ensuring the readiness of IT security support and expertise