General Information

Req #
WD00031164
Career area:
Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Monday, June 6, 2022
Working time:
Full-time
Additional Locations: 
* Morrisville - North Carolina - United States of America

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology that builds a brighter, more sustainable and inclusive future for our customers, colleagues, communities, and the planet.

And we go big. No, not big—huge.

We’re not just a US$70 billion revenue Fortune Global 500 company, we’re one of Fortune’s Most Admired. We’re transforming the world through intelligent transformation, offering the world’s most complete portfolio of smart devices, infrastructure, and solutions. With more than 71,500 employees doing business in 180 markets, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

Position Description:  Lenovo Infrastructure Solutions Group’s Product Security Office is seeking a Senior Product Security Architect to provide technical security leadership to global development teams, suppliers, industry partners, and business leaders for maintaining a high-level of security in the products we provide to our customers.  This is a backfill position, joining an established team of security architects, penetration testers, and security analysts in securing an expanding product and services portfolio and supporting the business’ evolving security needs.

Location: This position can allow for remote work. 

Primary responsibilities:  This is inherently an expansive product security role, with the ideal candidate being able to multi-task, adapt, and service diverse security needs as they emerge.  These diverse needs will require the candidate to have a broad security knowledge base to draw from, and rapidly develop deeper expertise as required.  Threat modeling and architectural analysis are focus areas.

This role is well suited to candidates that thrive on wide-ranging tasks and challenges, with each day holding the potential for solving new problems, learning new things, or working with new teams, suppliers, partners, or technologies. 


Representative responsibilities include:

  • Serving as a security subject matter expert and technical leader to internal and external product teams, suppliers, partners, security researchers, and business leaders
  • Working with cross-functional leadership to align product security with continually evolving business and market needs and expectations
  • Leading threat modeling and architectural analysis projects
  • Researching, designing, developing, and implementing security best practices, standards, requirements, architectures, tools, tactics, procedures, training materials, etc.
  • Assessing products and related processes andarchitectures for compliance with best practices, standards, and requirements, developing corrective action plans where necessary, and working with stakeholders to successfully implement those plans
  • Evaluating product security designs, emerging security technologies, and systems
  • Researching, developing, and/or customizing security tools and libraries
  • Driving secure development lifecycle initiatives
  • Supporting the Product Security Office and Security Architectural Review Board
  • Supporting product sales efforts and demonstrating product security thought leadership, such as via customer briefings, originating security-related collateral, giving conference presentations, etc.
  • Supporting aspects of Lenovo’s Trusted Supplier Program, special projects, contract reviews, etc.

Position Requirements

Basic Qualifications:

Seven-plus (7+) years of broad experience in application, network, and system security, including:

  • Architecting secure products and solutions
  • Assessing and analyzing security architectures for deficiencies and formulating corrective actions via threat modeling, security baseline analysis, security requirements/architectural reviews, final security reviews and recommendations, etc.
  • Originating security processes, standards, and requirements
  • Integrating security into agile and waterfall development methodologies for enhanced security and efficiency, including concepts such as shift left, shift everywhere, and security as code
  • Expert knowledge of security foundations such as hardening, least privilege, attack surface reduction, protection rings, cryptography use, static analysis, dynamic analysis, fuzzing, CVSS, CWE, OWASP/SANS/CIS Top X, etc.
  • Practical experience implementing and/or supporting security standards, frameworks, and certifications such as BSIMM (Building Security In Maturity Model), NIST SP800-series, NIST Cybersecurity Framework, NIST Secure Software Development Framework, ISO 27000-series, CIS Benchmarks, Common Criteria, FISMA/FedRAMP, and similar
  • Good understanding and working experience with: TCP/IP, including using and securing fundamental networking protocols such as TCP, UDP, ICMP, DNS, HTTP, and SSH; and Operating Systems and Virtualization environments, including Windows, Linux, and VMware

Preferred Skills and Experience:

  • Secure coding and development, including the ability to read and understand at least one modern programming or scripting language
  • Work in or around Data Center environments, including experience securing enterprise-class server, storage, and networking hardware
  • Maturing secure software development lifecycles
  • Working with geo-diverse teams across different time zones
  • Strong collaboration skills over application sharing platforms and teleconferencing
  • Technical consulting background

Key Personal Traits:

  • Self-motivated and results driven, able to effectively work independently or as part of a team, and able to motivate and cultivate collaborative relationships
  • Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way
  • A strong technical leader to internal and external teams, suppliers, and partners, with the ability to persuade and influence
  • A critical thinker and problem solver, who is naturally curious and a consummate learner
  • A good communicator, capable of clearly explaining and documenting security needs
  • Able to navigate sometimes contentious situations and successfully resolve conflicts with respect and professionalism
  • Adept at multi-tasking and achieving results in a high-pressure environment while adapting to fluid business demands

Education Requirements:

  • BS in information security, computer science, engineering, MIS, or similar degree programs
  • Non-BS degree candidates with additional years of relevant work experience
  • Security certifications: One or more of CISSP, CSSLP, or similar

Citizenship Requirement:

  • Must be a US citizen or US national; US permanent residents or candidates requiring sponsorship cannot be considered
 

Travel:

  • 5% (travel typically not needed, but possible on occasion post-COVID)

The base salary range for this position in Colorado is $170,000 - $200,000. Individuals may also be considered for bonus . Lenovo’s various benefits can be found on www.lenovobenefits.com 



#LI-Remote
#LI-RQ1
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two dose of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.

* Morrisville - North Carolina - United States of America