General Information

Req #
Career area:
United States of America
North Carolina
Friday, April 22, 2022
Working time:
Additional Locations: 
* Morrisville - North Carolina - United States of America

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology for all, so we spend our time building a society that’s brighter and more inclusive. And we go big. No, not big—huge. 

We’re a US$60 billion revenue Fortune Global 500 company serving customers in 180 markets around the world. Focused on a bold vision to deliver smarter technology for all, we are developing world-changing technologies that power (through devices and infrastructure) and empower (through solutions, services and software) millions of customers every day and together create a more inclusive, trustworthy and sustainable digital society for everyone, everywhere. 

The one thing that’s missing? Well… you...

Description and Requirements

Lenovo is seeking a Senior Product Security Engineer - PSIRT to work in Lenovo’s Corporate Product Security Office. This individual will provide expertise across multiple SW areas such as BIOS/UEFI, firmware, drivers, and windows applications.

The scope of the role will range from hands-on technical triage and review of field vulnerabilities to providing remediation guidance to contributing to Lenovo’s SDLC.

Main job tasks and responsibilities include:

• Serve as the technical leader of the Product Security Incident Response Team (PSIRT)

• Assess software risk of vulnerabilities and provide technical guidance for remediation to development teams quickly and accurately

• Ensure technical accuracy of Lenovo Security Advisories and other PSIRT communications

• Contribute to Lenovo SDLC processes, standards, and best practices

Basic Requirements:

• Bachelor’s degree in Computer Science, related discipline, or 4+ years of related work experience required

• 5+ years of broad experience in application, network, and system security

• Prior secure coding and development experience, must be able to read and understand C, C++, C#, Java, Python, or other types of development languages

• Understanding of secure development fundamentals such as least privilege, attack surfaces, and coding practices (OWASP, SANS Top 25, threat modeling, etc)

Preferred Requirements:

• Experience developing or security BIOS, firmware, IoT, embedded systems, or related technologies

• Knowledge of PC architecture and code signing processes

• Experience reviewing and validating potential vulnerabilities

• Security-related certifications a plus (CSSLP, CISSP, etc.)

• Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVSS), and OWASP processes and remediation recommendations

• Self-motivated & results driven

• Ability to multi-task and achieve results working in a high-pressure environment while adapting to the changing demands of the business


*We are open to this role being remote for someone on East or Central time zones*

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two dose of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.

* Morrisville - North Carolina - United States of America