General Information

Req #
Career area:
Tuesday, October 25, 2022
Working time:
Additional Locations

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology that builds a brighter, more sustainable and inclusive future for our customers, colleagues, communities, and the planet.

And we go big. No, not big—huge.

We’re not just a US$70 billion revenue Fortune Global 500 company, we’re one of Fortune’s Most Admired. We’re transforming the world through intelligent transformation, offering the world’s most complete portfolio of smart devices, infrastructure, and solutions. With more than 71,500 employees doing business in 180 markets, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

1. Be responsible for the drill of red blue confrontation attack and defense, and continuously evaluate the safety protection level of the company.

2. Research cutting-edge security technologies, vulnerabilities, intelligence and attack methods.

3. Extract attack features, build a network security blue army weapon platform, and improve the automatic confrontation capability.

Basic post requirements

1. Proficiently master the key technologies, tool use and attack ideas of ATT&CK in each link;

2. Proficient in mainstream network, application, system attack technology and common tools, familiar with the principle and utilization of common security vulnerabilities;

3. Track cutting-edge security attack and defense technologies, and have the ability to exploit/analyze/reproduce vulnerabilities;

4. Be familiar with various ways to obtain threat information, and track and analyze security threats;

5. Have the ability of reverse analysis of trojan horse/virus/worm and kill free technology;

5. Good communication, analysis, coordination and teamwork spirit.

Bonus items:

1. Have ATT&CK landing experience.

2. Have more experience in extranet and extranet penetration or have in-depth research on the confrontation in the working group/domain.

3. Have the experience of winning awards in large network security competitions (such as HW)/digging high quality vulnerabilities/publishing in-depth technical papers.

4. Rich SRC vulnerability mining experience.

5. Those with relevant security qualifications such as CISSP, CISA, CSSLP, ISO27001, ITIL, PMP, COBIT, Security+, CISP, OSCP, etc.

TO BE DELETED - Multiple Cities (OLD)
* 北京(Beijing) - Beijing - China