General Information

Req #
WD00044615
Career area:
Hardware Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Wednesday, January 11, 2023
Working time:
Full-time
Additional Locations
Morrisville - North Carolina - United States of America

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology that builds a brighter, more sustainable and inclusive future for our customers, colleagues, communities, and the planet.

And we go big. No, not big—huge.

We’re not just a US$70 billion revenue Fortune Global 500 company, we’re one of Fortune’s Most Admired. We’re transforming the world through intelligent transformation, offering the world’s most complete portfolio of smart devices, infrastructure, and solutions. With more than 71,500 employees doing business in 180 markets, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

This position is for a Sr. Cloud Security Architect in the Lenovo ISG SW and Solutions Group. This is an exciting role where you will get to help create and drive cloud security strategy and implementation. You will be supporting the premier development effort in a growing software and solutions development organization that is focused on being the #1 trusted IT Partner in the datacenter infrastructure market. 

Job Description:

Lenovo is searching for a Sr. Cloud Security Architect to join our SW and Solutions team to help lead the secure design and development of Cloud products and to help oversee the operational security of Cloud products in production. The Cloud Security Architect will work with our worldwide development teams to continuously improve the security posture of our cloud products and services in alignment with Lenovo Security policies, standards, and processes as well as local, regional and international cloud security standards and regulations. The ideal candidate is familiar with cloud cybersecurity best practices, modern DevSecOps automation tools. The candidate should also be skilled in both GCP and Azure Cloud Security. We are looking for someone with a security mindset who "thinks like an attacker".

Responsibilities:

  • Perform cybersecurity control and risk assessments of our products and infrastructure architecture for compliance with Lenovo Requirements and international cloud security best practices
  • Recommend and drive implementation of technical, administrative and physical remediation's and mitigations for identified risks and vulnerabilities
  • Design and develop cloud security architectures and perform architecture design reviews and help development teams with implementation. 
  • Help Design, Implement and Oversee Operation of DevSecOps solutions to secure complex CI/CD pipelines
  • Implement, maintain and improve existing industry best practices of cloud security controls such as:
    • Monitoring & Logging
    • Identity and Access Management
    • Encryption
    • Data Security & Privacy
    • Incident Response & Forensics
    • WAF, RASP, SIEM, IDS/IPS, Service Mesh, etc.
  • Acquire relevant knowledge, remain up to date, attend cloud security conferences and be involved with the cloud security community
  • Drive and help lead cloud security strategy, tools, training, processes, and tactics

Basic Qualifications:

  • 7+ years of experience with cloud security (security researcher, security engineer / developer, security architect).
  • Bachelor’s Degree in Computer Science or related field, or additional 5+ years of cybersecurity experience
  • 5+ years of experience in: Infrastructure security, security SDLC and secure SaaS practices Cloud Product Threat modeling experience
  • 3+ years of experience with GCP and Azure.

Preferred Qualifications:

  • Experience doing code review for configuration management tools and scripting languages
  • Experience with design, implementation, and security best practices in Microservice Development
  • Experience with all DevSecOps Tool Types including SAST, DAST, IAST, Feature Flag Tools, Threat Modeling, Fuzzing, etc.
  • Experience with ISO27001 and SOC-2 certification
  • Hand-on experience with GCP and Azure security best practices and services
  • Security of relational databases (Mongo, MySQL, MS SQL Server, Oracle)
  • Security management certificates (CISSP, CSSLP, CISM, etc.)
  • Has presented at security conferences (BlackHat, OWASP, etc.)
  • Experience with as many of these as possible; Terraform, Ansible, Jira, Bitbucket, Confluence, Artifactory, JFrog, GitHub, Jenkins GCP
  • Experience with nodeJS, Javascript, Angular
  • Experience with GDPR and CCPA
  • Infrastructure Security and IAC Security Container Security Docker & Kubernetes Security Identity management and authentication systems and protocols (Keycloak, Active Directory, LDAP, SAML, RADIUS)
  • Linux/Unix OS Network architecture and security configurations
  • Cloud Security Certifications such as CCSK, CCSP, or SANs Cloud Related Certs
  • Master’s degree in Computer Science or related field
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two dose of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.

TO BE DELETED - Multiple Cities (OLD)
* Morrisville - North Carolina - United States of America
Multiple Countries (Posting Locations)
United States of America
Multiple States (Posting Locations)
North Carolina
Multiple Cities (Posting Locations)
Morrisville - North Carolina - United States of America