General Information

Req #
Career area:
United States of America
North Carolina
Thursday, June 9, 2022
Working time:
Additional Locations: 
* Morrisville - North Carolina - United States of America

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology that builds a brighter, more sustainable and inclusive future for our customers, colleagues, communities, and the planet.

And we go big. No, not big—huge.

We’re not just a US$70 billion revenue Fortune Global 500 company, we’re one of Fortune’s Most Admired. We’re transforming the world through intelligent transformation, offering the world’s most complete portfolio of smart devices, infrastructure, and solutions. With more than 71,500 employees doing business in 180 markets, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

Lenovo is seeking a Senior Product Security Engineer - PSIRT to work in Lenovo’s Corporate Product Security Office. This individual will provide expertise across multiple SW areas such as BIOS/UEFI, firmware, drivers, and windows applications.

The scope of the role will range from hands-on technical triage and review of field vulnerabilities to providing remediation guidance to contributing to Lenovo’s SDLC.

Main job tasks and responsibilities include:

• Serve as the technical leader of the Product Security Incident Response Team (PSIRT)

• Assess software risk of vulnerabilities and provide technical guidance for remediation to development teams quickly and accurately

• Ensure technical accuracy of Lenovo Security Advisories and other PSIRT communications

• Contribute to Lenovo SDLC processes, standards, and best practices

Basic Requirements:

• Bachelor’s degree in Computer Science, related discipline, or 4+ years of related work experience required

• 5+ years of broad experience in application, network, and system security

• Prior secure coding and development experience, must be able to read and understand C, C++, C#, Java, Python, or other types of development languages

• Understanding of secure development fundamentals such as least privilege, attack surfaces, and coding practices (OWASP, SANS Top 25, threat modeling, etc)

Preferred Requirements:

• Experience developing or security BIOS, firmware, IoT, embedded systems, or related technologies

• Knowledge of PC architecture and code signing processes

• Experience reviewing and validating potential vulnerabilities

• Security-related certifications a plus (CSSLP, CISSP, etc.)

• Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVSS), and OWASP processes and remediation recommendations

• Self-motivated & results driven

• Ability to multi-task and achieve results working in a high-pressure environment while adapting to the changing demands of the business


*We are open to this role being remote for someone on East or Central time zones*

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two dose of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.

* Morrisville - North Carolina - United States of America