SW Production Security Champion
Full-time
Ericsson
- Hands-on experience with RAN Performance / TPS or similar production, lab, CI/CD, build, and test environments
- Strong understanding of security frameworks, secure SDLC/SSDF, and CI/CD architectures, with the ability to translate requirements into concrete controls and evidence
- Solid knowledge of security concepts including vulnerability management, secure configuration, identity and access management, and Ericsson's SRM framework
- Experience with security activities such as risk assessments, security reviews, audits, or customer security questionnaires
- Good understanding of regulatory expectations for R&D/production environments (NIST SSDF, EU CRA, NIS2)
- Proven ability to lead cross-functional initiatives and drive change through influence rather than formal authority
We are looking for a Production Security Champion/Security Specialist to join the RAN Performance team. In this role, you will ensure that production and production-adjacent environments, including CI/CD pipelines, build and test infrastructure, performance labs, and related tooling, comply with Ericsson security expectations and external regulations.
This is not a product feature security role; it is about securing the engineering backbone that RAN Performance products are built, tested, and delivered on. You will translate requirements from frameworks such as NIST SSDF, NCSC, and EU CRA into concrete controls and ways of working, and serve as the connection point between RAN Performance and key stakeholders.
- Interpret and translate NIST SSDF, NCSC, EU CRA and related frameworks into concrete security controls for build/test tools, CI/CD pipelines, SBOM tracking, access control, and logging.
- Ensure audit-ready evidence is available for self-attestations, customer requests, and regulatory reviews.
- Turn secure development principles into practical guidelines for production tooling and automation, covering secure scripting, CI/CD patterns, and secrets/credentials handling.
- Drive security awareness and training for engineers and operations teams, making security requirements understandable and actionable.
- Define and maintain reusable security ways of working for RAN Performance production, including access request flows, security review checkpoints, logging and retention requirements, and incident handling routines.
- Build clear documentation, templates, and checklists teams can apply when onboarding new tools or making environment changes.
- Risk, Vulnerability & Access Management: Maintain an aggregated risk view for production environments, coordinating vulnerability management (intake, triage, prioritization, follow-up) and periodic access reviews (onboarding/offboarding, re-certification, segregation of duties). Drive structured, transparent handling of vulnerabilities, hardening, privileged access, and exceptions through to closure.
- Lead a chapter of Security Masters and Principal Security Masters across production and production-like environments. Set shared goals and backlogs, ensure two-way information flow between teams and leadership, and keep activities synchronized with the Product Security Champion, RAN Performance leadership, and the BNEW R&D Security Program.

Requirements: RAN, Security, Software Security, risk assessment, Audits

Additionally: Sport subscription, Training budget, Private healthcare, Lunch card, International projects, Free coffee, Canteen, Bike parking, Playroom, In-house trainings, Free parking, Mobile phone, Modern office, No dress code.

Job offer added 2 days ago