General Information

Req #
Career area:
Hardware Engineering
United States of America
North Carolina
Thursday, October 13, 2022
Working time:
Additional Locations: 
* Morrisville - North Carolina - United States of America

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology that builds a brighter, more sustainable and inclusive future for our customers, colleagues, communities, and the planet.

And we go big. No, not big—huge.

We’re not just a US$70 billion revenue Fortune Global 500 company, we’re one of Fortune’s Most Admired. We’re transforming the world through intelligent transformation, offering the world’s most complete portfolio of smart devices, infrastructure, and solutions. With more than 71,500 employees doing business in 180 markets, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

Product Security Analyst – ISG Product Security Office

Lenovo Infrastructure Solutions Group’s (ISG) Product Security Office is seeking a Product Security Analyst to support Lenovo ISG’s Secure Development Lifecycle activities and related processes for maintaining a high-level of security in the products and services we sell to our customers.  This position will join an established team of security architects, penetration testers, and security analysts in securing an expanding product and services portfolio and supporting the business’ evolving security needs.

This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; the ability to multi-task across several projects concurrently, adapt, and develop deeper expertise as needed; and be comfortable taking ownership of projects to ensure effective delivery.

Representative responsibilities:

         Analyzing industry standards, guidance, legislation, etc. for applicability, to identify gaps, and to recommend actions and solutions

         Supporting Software and Hardware Bill of Materials (SBOM and HBOM) activities

         Analyzing security weaknesses to identify patterns and root causes, then develop security guidance to address root causes

         Assessing products for compliance with security requirements

         Creating security guidance, compliance, and standards documentation

         Supporting product vulnerability management activities

         Supporting product security certification activities

         Supporting secure development lifecycle initiatives

Position Requirements

Basic Qualifications:

         Three-plus (3+) years of experience in one or more of the following areas: application security, hardware security, system security, security compliance, and/or secure development lifecycles

         Knowledge of secure software development fundamentals

         Experience with analyzing and developing security requirements

         Experience with industry and government security standards and compliance, ideally including one or more of the following: ISO 27000-series, NIST Risk Management Framework (RMF), FISMA, FedRAMP, NIST SP800-series, NIST Cybersecurity Framework, NIST Secure Software Development Framework, Building Security In Maturity Model (BSIMM), PCI-DSS, O-TTPS / ISO 20243, or similar

         Experience in vulnerability management and triage

Key Personal Traits:

         Team player and a self-starter

         Critical thinking, analytical ability, and problem solving

         Strong verbal and written communication skills


Education and Certification Requirements:

         BS in Information Security, Cybersecurity, Management Information Systems, or related degree

         Non-BS degree candidates with additional years of relevant work experience

         Security certification preferred, such as CompTIA Security+, SANS GSEC, or Associate of (ISC)2


         5% (travel typically not needed, but possible on occasion post-COVID)

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two dose of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.

* Morrisville - North Carolina - United States of America