Lenovo

Description:

The security threat landscape presents a wide range of risks to the solutions offered by Lenovo’s Personal Computing & Smart Devices organization – from the Cloud, to PCs, IoT devices, mobile applications, and Augmented and Virtual Reality devices. As a Linux Security Engineer, you will join Lenovo’s Global Security Lab as a member of our product security team. This team is responsible for ensuring Lenovo’s PC & SD diverse product and technology portfolio is designed, developed, and delivered securely for our customers.

Practical experience is critical for effectively driving secure development practices.  An understanding of the product development process is key to effectively influence the practices, behaviors and understanding of developers.  Therefore, candidates with strong development backgrounds who have developed product security knowledge, training and experience will be given highest consideration.

Primary Responsibilities:

• Evaluating the security of product architecture proposals, driving security requirements, and logging concerns
• Assessing the security posture of Lenovo and 3rd party developed applications for Linux
• Using security static and dynamic analysis tooling to review and test applications, and interpreting results
• Performing source code reviews ensuring that Secure Development Lifecycle and secure development best practices are followed
• Presenting products for approval by the Security Review Board
• Acting as a Secure Development Lifecycle evangelist, disseminating knowledge related to product and infrastructure security
• Supporting the preparation and creation of infrastructure for projects to be developed
• Supporting cybersecurity environments used by Lenovo Brazil partners

Required Qualifications:

• Bachelor’s degree in Computer Science, Computer Engineering, or related field with 2+ years relevant experience; or master’s degree with 1+ years relevant experience; or equivalent experience

Preferred Qualifications:

• Experience in developing applications Linux using programming languages, such as C, C++, Python, and Bash scripting
• Experience with application debug and pen testing and related tools
• Active general industry knowledge of the latest application vulnerabilities and exploits
• Understanding of general secure development practices: code review, static analysis, OWASP, etc.
• General knowledge of cryptography concepts such as hash functions and symmetric/asymmetric encryption
• An understanding and ability to communicate the tactics, techniques, and procedures of an attacker
• Strong written and verbal communication skills – this role requires communicating with and influencing engineers and managers, as well as communicating with diverse and global teams
• Experience with the application of threat modeling or other risk identification techniques
• Detailed knowledge of security vulnerabilities and remediation techniques
• Results-oriented, self-motivated