Vulnerability Developer (428312)

Our Exciting Opportunity
Customer interest and expectations of security are growing, especially with the introduction of 5G and related services. The protection of information is critical to our business, reputation, and brand! It is therefore essential that our customers can trust that our products and the technology behind them are secure; we need to facilitate and grow competence for an effective Vulnerability Analysis (VA) of our products.
We are now searching for VA developers/testers for the Vulnerability Analysis section in the new DNEW (Development Unit Networks) Network Systems & Verification, section Vulnerability Analysis.
You will work in a team that is responsible for Security Risk Assessment and Vulnerability Analysis of RAN products, with focus on 5G. You will be involved in performing VA tests and penetration tests, producing VA reports, and together with the systems team, securing formal risk assessments on both feature and product levels.
The work will be a mixture of white and black box testing (using common tools such as the Kali suite or Nessus), fuzz-testing and craftsmanship that comes along with the area. You should be able to present your findings and propose mitigations to developers, testers and other partners.
We see it as a big plus if you have automation competence and CI/CD development experience.


You will
• Maintain and prepare VA Environment - lab setup, troubleshooting, configuration changes, and new tools deployment
• Participate in test analysis for features and products
• Do a VA test and produce a report per feature/release for several nodes
• Provide feedback to RA’s/programs (based on performed risk analysis)
• Be part of automation activities
• Drive continuous improvements of products and processes
• Be a part of a team that will develop CI/CD VA machinery
• Report into Product Development Leader


To be successful in the role you must have
• BSc/MSc level in a technical field or the equivalent level of knowledge
• Genuine interest in software development and product & application security
• Ability to perform test analysis, evaluate test results, and produce a verdict
• Knack for troubleshooting, problem-solving and end-to-end thinking paired with a value-driven development attitude
• Working with VA or Security in a mixed target environment including embedded systems, Linux and highly distributed systems.
• Experience of programming in PHP/Python/Bash/Java or similar environment
• Knowledge sharing, presentation, collaboration, teamwork, and communication skills
• Understanding of automation
• Knowledge/experience in development processes such as DevSecOps & CI/CD, as a plus
• AIR interface experience (a big advantage)

Knowledge/experience in the following are an advantage:
• OSCP (Offensive Security Certified Professional) or applicable certification
• Risk Assessment and threat modeling methodologies and tools
• Network Security and information security standards
• Software development skills
• Experience from working with PEN-testing
• Being an Ericsson Certified Security Associate
• Experience with CI/CD pipelines and DevSecOps

What´s in it for you?
Here at Ericsson, our culture is built on over a century of courageous decisions. With us, you will no longer be dreaming of what the future holds – you will be redefining it. You won’t develop for the status quo, but will build what replaces it. Joining us is a way to move your career in any direction you want; with hundreds of career opportunities in locations all over the world, in a place where co-creation and collaboration are embedded into the walls. You will find yourself in a speak-up environment where empathy and humanness serve as cornerstones for how we work, and where work-life balance is a priority. Welcome to an inclusive, global company where your opportunity to make an impact is endless.
What happens once you apply?
To prepare yourself for next steps, please explore here: https://www.ericsson.com/en/careers/job-opportunities/hiring-process
If you have any specific questions about this role, please contact recruiter Dorota Baran at dorota.baran@ericsson.com.

Kindly note that we cannot process applications sent via email.
Please submit your application in English.
Security clearance including references and relevant background screening will be conducted for final candidates.
Location for this role: Stockholm, Sweden
Last day to apply: 2020/09/28


Do you believe that an organization fostering an environment of cooperation and collaboration to execute with speed creates better business value? Do you value a culture of humanness, where fact based decisions are important and our people are encouraged to speak up? Do you believe that diverse, inclusive teams drive performance and innovation? At Ericsson, we do.
We provide equal employment opportunities without regard to race, color, gender, sexual orientation, transgender status, gender identity and/or expression, marital status, pregnancy, parental status, religion, political opinion, nationality, ethnic background, social origin, social status, indigenous status, disability, age, union membership or employee representation and any other characteristic protected by local law or Ericsson’s Code of Business Ethics.