Lenovo

At Lenovo, we manufacture one of the world’s widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones and workstations as well as augmented and virtual reality (Mirage, ThinkReality) and smart home/office solutions, AI, and software and services. Lenovo’s data center solutions (ThinkSystem, ThinkAgile) are creating the capacity and computing power for the connections that are changing business and society.

What You’ll Do:

This position is for an SDLC Compliance Security Engineer in the Security Center of Excellence for PC and Smart Device business (PCSD). This is an exciting role that will give you the opportunity to work with product teams around the globe to apply emerging world-wide security and AI laws, regulations, and frameworks through our Security Development Lifecycle. You will join a diverse team of proven security-focused architects and developers. This role will support many types of Lenovo Products sold in every region of the world.

In Summary you will:

• Track and interpret security laws, regulations, and frameworks world-wide
• Write or edit product security standards
• Drive SDLC awareness, adherence, and improvement
• Validate the security program’s effectiveness
• Document PCSD’s security maturity with white papers and presentations
• Respond to product security annexes and attestations in customer bid requests

Position Requirements

Basic Qualifications:

• Bachelors degree in cybersecurity, computer science, computer engineering, or related fields
• 5+ years of cybersecurity experience
• 1+ years of experience with AI/ML technologies and implementing related security controls
• Strong written and verbal communications and interpersonal skills
• Ability to work independently under tight deadlines, responding to changing business and technical conditions with minimal direction

Preferred Qualifications:

• Product development experience
• Familiarity with Python, Java, JavaScript, C/C++, C#, Kotlin, Swift, etc.
• Experience in a regulatory/compliance or government relations role
• One or more of CISSP, CGRC, GSP, CASP+
• Experience working in a world-wide team
• Experience threat modeling both non-generative and generative AI solutions
• Experience with AI model training, inferencing, RAG, prompt engineering, and AI guardrails