General Information

Req #
WD00001504
Career area:
Engineering
Country:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Wednesday, June 2, 2021
Working time:
Full-time

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology for all, so we spend our time building a society that’s brighter and more inclusive. 

And we go big. No, not big—huge.

We’re not just a Fortune 500 company, we’re one of Fortune’s Most Admired. We’re in 180 countries, working with 63,000 brilliant colleagues and counting. And we’re known for the world’s most complete portfolio of smart technology, from devices to software to infrastructure.

With our ingenuity, we help millions—not just the select few—experience our version of a smarter future. 

The one thing that’s missing? Well… you...

Description and Requirements

Who You’ll Work With

At Lenovo, we manufacture one of the world’s widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones and workstations as well as augmented and virtual reality (Mirage, ThinkReality) and smart home/office solutions.  We are also building an innovative portfolio of software and services which are changing the industry.  Lenovo is creating the capacity and computing power for the connections that are changing business and society.

About Our Team

We are searching for a Threat Modeling Engineer in the Security Center of Excellence for PC and Smart Devices business (PCSD). This is an exciting role where you will be helping to lead the Threat Modeling efforts for our global development teams.  You will be working alongside some of the best security teams in the industry.

What You'll Do

  • Partner with multiple international development teams across business units gaining an in-depth knowledge of products to identify security architecture, data flows, trust boundaries and attack surface.
  • Train members of development teams in threat modeling tools and techniques to become partners with the security organization to create, review and maintain threat models for products.
  • Champion threat modeling practices within the development teams, promoting best industry practices.
  • Review threat models of a variety of products enhancing the process, develop meaningful metrics and tracking improvement of the cybersecurity posture for products and security development maturity.
  • Stay current in the latest security tools, methodologies and best practices, especially as it relates to threat modeling.  

Position Requirements:

Basic Qualifications:

  • Bachelor’s degree in cyber security or relevant field
  • 2+ years of experience creating, maintaining, and reviewing threat models for application development teams using STRIDE.

Preferred Qualifications:

  • Expert level experience with Threat Modeler is highly preferred.
  • Familiarity with development life cycle practices such as Agile.
  • Familiarity with security and privacy frameworks, standards, and regulations like GDPR, CCPA, CSA STAR, ISO 27000 series, NIST, etc.
  • Learns quickly, takes initiative, adaptable, and deeply passionate about cybersecurity.
  • Strong communication skills
  • Multiple industry security certifications such as CISSP, CCSLP, SANS-GGWEB ( or other SANS certs) desired.
  • Some experience with the Threat Modeler tool
  • In-depth knowledge of security concepts and design techniques relating to web, application, mobile, and firmware design.
  • Proficiency in software development practices, release planning, and quality assurance.
  • In-depth knowledge of threat modeling practices, tools, and techniques.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.