Lenovo
Description and Requirements
Who You Will Work With At Lenovo, we manufacture one of the world's widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones, workstations, augmented and virtual reality (Mirage, ThinkReality), and smart home/office solutions. We are also building an innovative portfolio of software and services that are changing the industry. Lenovo is creating the capacity and computing power for the connections that are transforming business and society. Overview This position is for a Sr. Cloud Security Architect in the PCSD Security Center of Excellence. You will help create and drive cloud security strategy for a multi-billion dollar organization, the #1 PC maker globally. Your role includes designing and testing the security of Lenovo's Cloud Products and Services. You will work with global engineering and product teams to improve the security posture of all cloud offerings, aligning with Lenovo security policies and international security standards. The ideal candidate should be familiar with cloud cybersecurity best practices, modern DevSecOps tools, and have skills in AWS and Azure Cloud Security. Experience with Alibaba Cloud is a plus. We seek someone with a security mindset who 'thinks like an attacker'. Responsibilities Perform cybersecurity control and risk assessments of product and infrastructure architecture for compliance and best practices, recommending remediations. Develop security and compliance requirements for SaaS multi-tenant systems. Design and review cloud security architectures. Design, implement, and oversee DevSecOps solutions to secure CI/CD pipelines. Implement and improve cloud security controls such as monitoring, IAM, encryption, data security, incident response, WAF, RASP, SIEM, IDS/IPS. Guide R&D and product teams on secure SaaS development. Conduct security training and awareness activities for engineering teams. Stay updated with cloud security developments and participate in community events. Lead cloud security strategies, tools, training, and processes. Basic Qualifications 5+ years in cloud security roles or equivalent cybersecurity experience. Bachelor's Degree in Computer Science or related field, or additional cybersecurity experience. 3+ years experience with AWS and Azure. 2+ years experience in infrastructure security, security SDLC, SaaS security, and threat modeling. Preferred Qualifications Experience with code review, configuration management tools, scripting languages. Experience with DevSecOps tools (SAST, DAST, IAST, threat modeling, fuzzing, etc.), FedRAMP certification. Hands-on experience with AWS security best practices, security standards (CSA, OWASP, SANS), database security. Security certifications (CISSP, CSSLP, CISM) and conference presentations. Experience with Terraform, Ansible, Jira, Bitbucket, Confluence, Artifactory, JFrog, GitHub, Jenkins, GCP, AliCloud. Knowledge of GDPR, CCPA, cloud security standards (CSA CCM, ISO 27017/18, FedRAMP). Experience with container security (Docker, Kubernetes), identity management, Linux/Unix, Windows security, Python, and cloud certifications (CCSK, CCSP, SANs). We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, veteran status, disability, or any protected class. #J-18808-Ljbffr
Who You Will Work With At Lenovo, we manufacture one of the world's widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones, workstations, augmented and virtual reality (Mirage, ThinkReality), and smart home/office solutions. We are also building an innovative portfolio of software and services that are changing the industry. Lenovo is creating the capacity and computing power for the connections that are transforming business and society. Overview This position is for a Sr. Cloud Security Architect in the PCSD Security Center of Excellence. You will help create and drive cloud security strategy for a multi-billion dollar organization, the #1 PC maker globally. Your role includes designing and testing the security of Lenovo's Cloud Products and Services. You will work with global engineering and product teams to improve the security posture of all cloud offerings, aligning with Lenovo security policies and international security standards. The ideal candidate should be familiar with cloud cybersecurity best practices, modern DevSecOps tools, and have skills in AWS and Azure Cloud Security. Experience with Alibaba Cloud is a plus. We seek someone with a security mindset who 'thinks like an attacker'. Responsibilities Perform cybersecurity control and risk assessments of product and infrastructure architecture for compliance and best practices, recommending remediations. Develop security and compliance requirements for SaaS multi-tenant systems. Design and review cloud security architectures. Design, implement, and oversee DevSecOps solutions to secure CI/CD pipelines. Implement and improve cloud security controls such as monitoring, IAM, encryption, data security, incident response, WAF, RASP, SIEM, IDS/IPS. Guide R&D and product teams on secure SaaS development. Conduct security training and awareness activities for engineering teams. Stay updated with cloud security developments and participate in community events. Lead cloud security strategies, tools, training, and processes. Basic Qualifications 5+ years in cloud security roles or equivalent cybersecurity experience. Bachelor's Degree in Computer Science or related field, or additional cybersecurity experience. 3+ years experience with AWS and Azure. 2+ years experience in infrastructure security, security SDLC, SaaS security, and threat modeling. Preferred Qualifications Experience with code review, configuration management tools, scripting languages. Experience with DevSecOps tools (SAST, DAST, IAST, threat modeling, fuzzing, etc.), FedRAMP certification. Hands-on experience with AWS security best practices, security standards (CSA, OWASP, SANS), database security. Security certifications (CISSP, CSSLP, CISM) and conference presentations. Experience with Terraform, Ansible, Jira, Bitbucket, Confluence, Artifactory, JFrog, GitHub, Jenkins, GCP, AliCloud. Knowledge of GDPR, CCPA, cloud security standards (CSA CCM, ISO 27017/18, FedRAMP). Experience with container security (Docker, Kubernetes), identity management, Linux/Unix, Windows security, Python, and cloud certifications (CCSK, CCSP, SANs). We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, veteran status, disability, or any protected class. #J-18808-Ljbffr