Sr Product Security Engineer (West Coast)

Lenovo is seeking a senior level Product Security Engineer who will work in Lenovo's Data Center Group to align products and create processes that further build Lenovo's strength and capabilities in serving all customer segments. This role will develop and drive secure SW development lifecycle activities such as security standards, processes, and testing to ensure Lenovo's Data Center products meet security requirements and eliminate security vulnerabilities. This is inherently an expansive product security role, with the ideal candidate being able to multi-task, adapt, and service diverse security needs as they emerge. These diverse needs will require the candidate to have a broad security knowledge base to draw from, and rapidly develop deeper expertise as required.This role is well suited to candidates that thrive on wide-ranging tasks and challenges, with each day holding the potential for solving new problems, learning new things, or working with new teams, suppliers, partners or technologies. This is not a role for candidates that do best when single tasking or focusing exclusively on a cradle-to-grave project.Responsibilities will include but not be limited to the following:??? Thought leadership in Secure Application Development and Information Security??? Analysis and assistance in the design of security solutions for embedded and software development;??? Support Product Security Incident Response (PSIRT) teams to quickly and accurately assess software risk of vulnerabilities and provide technical guidance to development teams;??? Develop and contribute to information security standards, procedures, and guidelines across multiple platform and application environments;??? Identify and document product security risks and propose mitigating controls;??? Contribute to the implementation of the Lenovo Secure Development Lifecycle process;??? Provide vulnerability assessment reports to key stakeholders;??? Conduct continuous analysis of security threat information (viruses, malicious code, potential backdoors, industry events, hackers, zero day exploits, OEM weaknesses, IDS/IPS and SIEM alerting, potential problems with BIOS & Firmware, in order to proactively assess and investigate emerging threats and potential impact to Lenovo products; ??? Assess the applicability of threat and vulnerability feeds, rate the risk and communicate to appropriate parties;??? Recommend corrective actions to mitigate security threats and risks to selected products;??? Communicate identified changes in threats and vulnerabilities based on trend analysis and concerns generated from customers and potential customers;??? Create reports to demonstrate assessment coverage and remediation effectiveness, and working with the Product engineers and software teams to insure corrective actions are implemented;??? Identify and develop new tools, tactics and procedures for changing threat scenarios;??? Develop trend and research analysis techniques to identify new detection methods for attack vectors;??? Work directly with technical staff and leadership to promptly assess and implement mitigating controls to new attach vectors and changing threat landscape; and??? Identify, evaluate and communicate new and ongoing security threats to senior management.??? Work with software designers, developers, and testers to review, assist, and recommend changes and solutions to functionality to address the security of Lenovo and third party developed softwarePosition may be located in Raleigh, NC or the West Coast.
Position Requirements
Basic Requirements:??? 7+ years of experience as a product security engineer/architect, or tester ??? Bachelors Degree in Computer Science or related discipline??? Prior secure coding and development experience, must be able to read and understand C, C++, Java, or other types of development languages;Preferred Requirements:??? Extensive knowledge and experience with physical and virtual server configurations and implementations. ??? Broad knowledge of many aspects of information security with an understanding and experience in the following areas: Corporate Information Security mitigation techniques such as firewalls, IDS/IPS, VPN, web application firewalls, authentication technologies, Web Filtering, Proxy Firewalls, network taps and tap aggregators;??? Knowledge and experience with diverse IT products, architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments. ??? Ability to multi-task and achieve results working in a high-pressure environment while adapting to the changing demands of the business.??? Security-related certifications a plus
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.

More Jobs

Sr. Application Security Engineer
San Mateo, CA Visa
Electrical Construction Field Engineer - West ...
Santa Fe Springs, CA Kiewit
Sr. Product Systems Engineer
Carlsbad, CA Molex
Project Engineer - West Coast Region
Santa Fe Springs, CA Kiewit
Sr. Product Validation Engineer
San Jose, CA Integrated Device Technology, Inc.