General Information

Req #
WD00033374
Career area:
Hardware Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Tuesday, June 21, 2022
Working time:
Full-time
Additional Locations: 
* Morrisville - North Carolina - United States of America

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology that builds a brighter, more sustainable and inclusive future for our customers, colleagues, communities, and the planet.

And we go big. No, not big—huge.

We’re not just a US$70 billion revenue Fortune Global 500 company, we’re one of Fortune’s Most Admired. We’re transforming the world through intelligent transformation, offering the world’s most complete portfolio of smart devices, infrastructure, and solutions. With more than 71,500 employees doing business in 180 markets, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

At Lenovo, we manufacture one of the world's widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones and workstations as well as augmented and virtual reality (Mirage, ThinkReality) and smart home/office solutions, software and services. Lenovo's data center solutions (ThinkSystem, ThinkAgile) are creating the capacity and computing power for the connections that are changing business and society.

What You'll Do

We are looking for a BIOS/UEFI & Firmware security reviewer or developer to work with product teams to prevent and mitigate security vulnerabilities. The candidate will have proven experience analyzing BIOS/UEFI code, understanding threats, evaluating attack surfaces, assessing risk, and defining appropriate responses. Experience with industry common practices in vulnerability detection and mitigation is critical.

In Summary you will:

  • Perform BIOS/UEFI & firmware security architecture reviews and tests on PCSD's hardware products
  • Work with development and security teams to find and explain security issues, communicate the priority and risk, suggest mitigations, and ensure the issues are mitigated
  • Stay up to date on the latest testing tools and techniques ensure you are using the most effective methods
  • Research new techniques and develop new tools

Basic Qualifications:

  • Bachelors degree in a relevant field or equivalent relevant experience
  • 3+ years of pre-boot (e.g. UEFI), embedded firmware, or device driver development experience
  • 3+ years of low-level languages development experience (C, assembly)

Preferred Qualifications:

  • Strong programming skills in C/C++, Python, Java
  • Experience with computer architecture
  • Experience with security related technologies such as Secure Boot, TPM, AES, DES, RSA, Secure Memory Encryption, Secure Encrypted Virtualization
  • Experience with USB, SPI, I2C, LPC, and PCIe
  • Experience in hardware/software interfaces and debugging issues in CPU and firmware using source code debuggers, JTAG, and other tools
  • Ability to create prototypes using boards like raspberry pi, Arduino and others
  • Previous research experience on computer (Windows+Intel) security, UEFI security, virtualization is a big plus
  • SANS certifications such as:
    • GIAC Certified Forensic Examiner (GCFE)
    • GIAC Reverse Engineering Malware (GREM)
  • EC-Council certifications such as: Certified Ethical Hacker (ANSI or Practical)
  • Familiarity with Agile processes
  • Experience with source control systems such as git
  • Strong written and verbal communications and interpersonal skills
  • Ability to work independently as well as function as an integral part of a team, and take initiative and ownership in a fast-paced environment
  • Ability to successfully work across regions and functions to solve problems and get things done
**Multiple positions are available**
#LI-remote
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two dose of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.

* Morrisville - North Carolina - United States of America