SW Production Security Champion

Ericsson is hiring a Production Security Champion/Security Specialist to join the RAN Performance team. The role focuses on securing production and production-adjacent environments such as CI/CD pipelines, build and test infrastructure, and performance labs, ensuring compliance with Ericsson security expectations and external regulations.

• Hands-on experience with RAN Performance, TPS, or similar production, lab, CI/CD, build, and test environments.
• Strong understanding of security frameworks, secure SDLC/SSDF, and CI/CD architectures.
• Solid knowledge of security concepts including vulnerability management, secure configuration, identity and access management, and Ericsson's SRM framework.
• Experience with security activities such as risk assessments, security reviews, audits, or customer security questionnaires.
• Good understanding of regulatory expectations for R&D/production environments (NIST SSDF, EU CRA, NIS2).
• Proven ability to lead cross-functional initiatives and drive change through influence rather than formal authority.

Nice to have:

• Experience with risk assessment.
• Experience with audits.

• Interpret and translate NIST SSDF, NCSC, EU CRA, and related frameworks into concrete security controls for build/test tools, CI/CD pipelines, SBOM tracking, access control, and logging.
• Ensure audit-ready evidence is available for self-attestations, customer requests, and regulatory reviews.
• Turn secure development principles into practical guidelines for production tooling and automation, including secure scripting, CI/CD patterns, and secrets/credentials handling.
• Drive security awareness and training for engineers and operations teams.
• Define and maintain reusable security ways of working for RAN Performance production, including access request flows, security review checkpoints, logging and retention requirements, and incident handling routines.
• Build clear documentation, templates, and checklists for onboarding new tools or making environment changes.
• Maintain an aggregated risk view for production environments, coordinating vulnerability management and periodic access reviews.
• Drive structured handling of vulnerabilities, hardening, privileged access, and exceptions through to closure.
• Lead a chapter of Security Masters and Principal Security Masters across production and production-like environments, ensuring synchronization with leadership and security programs.