General Information

Req #
Career area:
Cloud Computing
United States of America
North Carolina
Tuesday, July 20, 2021
Working time:

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology for all, so we spend our time building a society that’s brighter and more inclusive. 

And we go big. No, not big—huge.

We’re not just a Fortune Global 500 company, we’re one of Fortune’s Most Admired. We’re in 180 markets, working with 63,000 brilliant colleagues and counting. And we’re known for the world’s most complete portfolio of smart technology, from devices to software to infrastructure.

With our ingenuity, we help millions—not just the select few—experience our version of a smarter future. 

The one thing that’s missing? Well… you...

Description and Requirements

Who You Will Work With
At Lenovo, we manufacture one of the world’s widest portfolios of connected products, including PCs, tablets, smartphones, and workstations as well as augmented and virtual reality and smart home/office solutions. We are also building an innovative portfolio of software and services which are changing the industry. Lenovo is creating the capacity and computing power for the connections that are changing business and society.

• Perform cybersecurity control and risk assessments of proposed and existing product and infrastructure architecture for compliance with Lenovo Requirements and international cloud security best practices, recommending technical, administrative, and physical remediation and mitigation of identified risks and vulnerabilities
• Develop service security and compliance requirements for SaaS multi-tenant systems
• Design and develop cloud security architectures and perform architecture design reviews
• Help Design, Implement and Oversee Operation of DevSecOps solutions to secure complex CI/CD pipelines
• Implement, maintain and improve existing industry best practices of cloud security controls such as:
o Monitoring & Logging
o Identity and Access Management
o Encryption
o Data Security & Privacy
o Incident Response & Forensics
• Provide guidance to R&D and Product Management on defining and prioritizing the development of secure SaaS offerings
• Prepare and deliver training and security awareness activities to the Engineering teams
• Acquire relevant knowledge, remain up to date, attend cloud security conferences, and be involved with the cloud security community
• Drive and help lead cloud security strategy, tools, training, processes, and tactics

Basic Qualifications:
2+ years of experience with cloud security testing.
Bachelor’s Degree in Computer Science or related field, or additional 5+ years of cybersecurity experience
2+ years experience with AWS
2+ years Experience in: Infrastructure security, security SDLC and secure SaaS practices Cloud Product Threat modeling experience

Preferred Qualifications:
Experience doing code review for configuration management tools and scripting languages
Experience with all DevSecOps Tool Types including SAST, DAST, IAST, Feature Flag Tools, Threat Modeling, Fuzzing, etc.
Hands-on experience with AWS security best practices and AWS services
Security standards and practices (CSA, OWASP, SANS, etc.)
Security management certificates (CISSP, CSSLP, CISM, etc.)
Experience with as many of these as possible; Terraform, Ansible, Jira, Bitbucket, and Confluence, Artifactory, JFrog, GitHub, Jenkins GCP, and AliCloud experience.
Experience with GDPR and CCPA
Security reviews for code/design/architecture and requirements: Cloud Security standards such as CSA CCM, ISO 27017, ISO 27018 etc.)
Linux/Unix and Windows OS Network architecture and security configurations.
Completion 1 or more Cloud Security Certifications such as CCSK, CCSP, or SANs Cloud Related Certs
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.