Lenovo

In this role you will work with Lenovo’s PC & SD product teams in Brazil and around the world to help them deliver secure products, and to drive security requirements into partner- and vendor-developed products delivered to customers by Lenovo. You will be responsible for driving Lenovo's Security Development Lifecycle process in appropriate stages of product development cycles, and providing technical guidance to product development and engineering teams.

Practical experience is critical for effectively driving secure development practices.  An understanding of the product development process is key to effectively influence the practices, behaviors and understanding of developers.  Therefore, candidates with strong development backgrounds who have developed product security knowledge, training and experience will be given highest consideration.

Primary Responsibilities:
- Evaluating the security of product architecture proposals, driving security requirements, and logging concerns
- Using security static and dynamic analysis tooling to review and test applications, and interpreting results
- Performing source code reviews ensuring that Secure Development Lifecycle and secure development best practices are followed
- Presenting products for approval by the Security Review Board
- Acting as a Secure Development Lifecycle evangelist, disseminating knowledge related to product and infrastructure security
- Supporting the preparation and creation of infrastructure for projects to be developed
- Supporting cybersecurity environments used by Lenovo Brazil partners

Required Qualifications:
- 1 year of experience in PC cybersecurity

Preferred Qualifications:
- Bachelors degree in Computer Science, Computer Engineering or related field with 3+ years relevant experience; or Master’s degree with 2+ years relevant experience; or equivalent experience
- Experience in developing apps for Windows and Linux using programming languages, such as C, C++, C# .NET, and Java
- Experience with application debug and pen testing and related tools
- Active general industry knowledge of the latest application vulnerabilities and exploits
- Understanding of general secure development practices: code review, static analysis, OWASP, etc.
- General knowledge of cryptography concepts such as hash functions and symmetric/asymmetric encryption
- An understanding and ability to communicate the tactics, techniques, and procedures of an attacker
- Strong written and verbal communication skills – this role requires communicating with and influencing engineers and managers, as well as communicating with diverse and global teams
- Experience with the application of threat modeling or other risk identification techniques
- Detailed knowledge of security vulnerabilities and remediation techniques
- Results-oriented, self-motivated