Lenovo
Description and Requirements
Who You'll Work With At Lenovo, we manufacture one of the world's widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones, and workstations as well as augmented and virtual reality (Mirage, ThinkReality) and smart home/office solutions. We are also building an innovative portfolio of software and services which are changing the industry. Lenovo is creating the capacity and computing power for the connections that are changing business and society. About Our Team This position is for a Senior Software Security Architect in the Security Center of Excellence for PC and Smart Devices business (PCSD). You will work with a global team of development engineers and security professionals to assess and secure Lenovo applications and devices. Your responsibilities include ensuring secure development practices across multiple teams, reviewing applications preinstalled on Lenovo devices, and collaborating with top security teams. The role involves addressing security risks across Lenovo's diverse product portfolio, including cloud, PCs, IoT devices, mobile applications, and AR/VR devices. You will be based in Morrisville, NC, as part of Lenovo's Global Security Lab. What You'll Do Lead a global team of security champions to assess the security of Lenovo-developed applications for Windows and Android. Conduct security assessments using industry-standard tools to identify vulnerabilities. Prioritize threats and coordinate mitigation activities. Train development teams in secure development practices. Perform security code reviews and participate in software design sessions to ensure secure architecture. Collaborate with development and testing teams to review and improve software security. Advise product teams on secure application design and development. Evaluate tools and refine processes for security reviews. Define security requirements for development teams. Stay updated on security tools, methodologies, and best practices. Promote secure development lifecycle practices within the organization. Basic Qualifications Bachelor's degree in Computer Science, Engineering, or related field, or 5+ years of cybersecurity experience. At least 2 years in computer security, including secure product design, vulnerability management, and security testing. Experience developing applications for Windows and Android using languages like C# or Java. Familiarity with security testing and reverse engineering tools such as Burp Suite, Kali, ZAP. Preferred Qualifications Knowledge of secure development practices: code review, static analysis, OWASP. Understanding of cryptography concepts such as hash functions and encryption. Experience with CWE, CVSS, CVE, OWASP processes and remediation. Ability to understand and communicate attacker techniques and tactics. Experience with threat modeling and risk identification. Skills in reverse engineering, disassemblers, debuggers, and exploit development is a plus. Knowledge of security vulnerabilities and remediation techniques. Multiple industry security certifications such as CISSP, CCSP, SANS-GEVA, OCSP. Mandarin language skills for communication. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, veteran status, disability, or any other protected class. #J-18808-Ljbffr
Who You'll Work With At Lenovo, we manufacture one of the world's widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones, and workstations as well as augmented and virtual reality (Mirage, ThinkReality) and smart home/office solutions. We are also building an innovative portfolio of software and services which are changing the industry. Lenovo is creating the capacity and computing power for the connections that are changing business and society. About Our Team This position is for a Senior Software Security Architect in the Security Center of Excellence for PC and Smart Devices business (PCSD). You will work with a global team of development engineers and security professionals to assess and secure Lenovo applications and devices. Your responsibilities include ensuring secure development practices across multiple teams, reviewing applications preinstalled on Lenovo devices, and collaborating with top security teams. The role involves addressing security risks across Lenovo's diverse product portfolio, including cloud, PCs, IoT devices, mobile applications, and AR/VR devices. You will be based in Morrisville, NC, as part of Lenovo's Global Security Lab. What You'll Do Lead a global team of security champions to assess the security of Lenovo-developed applications for Windows and Android. Conduct security assessments using industry-standard tools to identify vulnerabilities. Prioritize threats and coordinate mitigation activities. Train development teams in secure development practices. Perform security code reviews and participate in software design sessions to ensure secure architecture. Collaborate with development and testing teams to review and improve software security. Advise product teams on secure application design and development. Evaluate tools and refine processes for security reviews. Define security requirements for development teams. Stay updated on security tools, methodologies, and best practices. Promote secure development lifecycle practices within the organization. Basic Qualifications Bachelor's degree in Computer Science, Engineering, or related field, or 5+ years of cybersecurity experience. At least 2 years in computer security, including secure product design, vulnerability management, and security testing. Experience developing applications for Windows and Android using languages like C# or Java. Familiarity with security testing and reverse engineering tools such as Burp Suite, Kali, ZAP. Preferred Qualifications Knowledge of secure development practices: code review, static analysis, OWASP. Understanding of cryptography concepts such as hash functions and encryption. Experience with CWE, CVSS, CVE, OWASP processes and remediation. Ability to understand and communicate attacker techniques and tactics. Experience with threat modeling and risk identification. Skills in reverse engineering, disassemblers, debuggers, and exploit development is a plus. Knowledge of security vulnerabilities and remediation techniques. Multiple industry security certifications such as CISSP, CCSP, SANS-GEVA, OCSP. Mandarin language skills for communication. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, veteran status, disability, or any other protected class. #J-18808-Ljbffr