General Information

Req #
Career area: Hardware Engineering
United States of America
North Carolina
Tuesday, November 16, 2021
Working time:

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology for all, so we spend our time building a society that’s brighter and more inclusive. And we go big. No, not big—huge. 

We’re a US$60 billion revenue Fortune Global 500 company serving customers in 180 markets around the world. Focused on a bold vision to deliver smarter technology for all, we are developing world-changing technologies that power (through devices and infrastructure) and empower (through solutions, services and software) millions of customers every day and together create a more inclusive, trustworthy and sustainable digital society for everyone, everywhere. 

The one thing that’s missing? Well… you...

Description and Requirements

What You'll Do
·       Lead a global team of software security engineers and development security champions to assess the security posture of Lenovo and 3rd party developed applications for Windows and Android devices. 
·       Conduct security assessments of client applications, both Lenovo developed and 3rd party, using industry-standard tools and techniques to identify vulnerabilities. Experienced with all DevSecOps tool types and with building full CI/CD pipelines with a complete DevSecOps toolset with gating.
·       Risk-rank identified threats to prioritize mitigation and remediation activities.
·       Help train members of development teams in secure development best practices 
·       Perform security code reviews of application source code 
·       Participate in software design sessions with development teams, analyzing and assisting in the secure design and architecture of PC application software 
·       Work with software designers, developers, project managers, and testers - developing close working partnerships with development teams - to review, assist and recommend changes and solutions to address the security of Lenovo- and third party-developed software
·       Act as a trusted advisor and subject matter expert to product development and engineering teams - provide advice on secure application design, development and validation 
·       Identify and evaluate needed tools and refine processes and procedures to ensure security reviews are performed correctly.   
·       Define security requirements for Lenovo and third-party development teams. 
·       Stay current in the latest security tools, methodologies, and best practices, especially as they relate to Windows and mobile app development.
·       Act as a Secure Development Lifecycle evangelist, guiding and training development teams within the Personal Computer & Smart Devices group on how to effectively and efficiently apply secure development practices
Basic Qualifications: 
·       Bachelor’s degree in Computer Science, Computer Engineering, Software Engineering, or related field; or relevant cybersecurity experience of 5+ years.  
·       3+ years of management experience managing software developers and/or cybersecurity teams
·       3+ years of experience in Computer Security with experience in computer programming, secure software design, vulnerability management, and product security testing 
·       3+ years of experience with at least two of the following: C/C++, C# .NET, or Java. 1+ years of experience with all of them
·       At least 1 cyber security certification such as CISSP or a SANS cert
Preferred Qualifications: 
·       In-depth knowledge of security concepts and design techniques relating to application, mobile, and web design.  
·       Ability to perform security assessments of Windows and mobile applications -- experience with web applications is a plus. 
·       Experience performing static analysis and code reviews. 
·       Proficiency in software development practices, release planning, and quality assurance. 
·       Ethical hacking/penetration testing that identifies weaknesses in applications and in the transmission and storage of data. 
·       Technical proficiency with Windows and Android operating systems, networking, storage systems and other client operating systems such as Linux  
·       Familiarity with development life cycle practices such as Agile.  
·       Familiarity with security and privacy frameworks, standards, and regulations like GDPR, CCPA, CSA STAR, ISO 27000 series, NIST, etc.  
·       Strong learning ability, strong self-drive, good adaptability, and passion for security.
·       Experience with the application of threat modeling or other risk identification techniques 
·       Experience in reverse engineering, disassemblers, debuggers, and developing exploits is a plus. 
·       Multiple industry security certifications such as CISSP, CCSP, SANS-GEVA (or other SANS certs), OSCP desired.
·       Experience in developing apps for Windows and Android operating systems, using common application programming languages such as C# or Java 
·       Familiarity with general security testing and reverse engineering tools, such as Burp Suite, Kali, ZAP, etc.
·       Understanding of general secure development practices: code review, static analysis, OWASP, etc. 
·       General knowledge of cryptography concepts such as hash functions and symmetric/asymmetric encryption 
·       Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) and Open Web Application Security Project (OWASP) processes and remediation recommendations. 
·       Communications skills in Mandarin
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, basis of disability, or any federal, state, or local protected class.
For US applicants: In accordance with Executive Order 14042, Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19 by January 18, 2022, subject to any applicable accommodations. To be fully vaccinated by January 18, individuals must receive the final dose of a 2-dose vaccine (e.g., Moderna or Pfizer) or a single dose of Johnson & Johnson’s vaccine by January 4, 2022. This applies to all US-based employees and contractors, including remote employees and interns. As a condition of employment, you must provide proof that you are fully vaccinated by January 4, 2022 or during your new employment orientation (for individuals with hire dates after January 4, 2022), or follow Lenovo’s accommodation process.