Product Security Analyst
Focused on a bold vision to deliver smarter technology for all, we are developing world-changing technologies that create a more inclusive, trustworthy and sustainable digital society. By designing, engineering and building the world’s most complete portfolio of smart devices and infrastructure, we are also leading an Intelligent Transformation – to create better experiences and opportunities for millions of customers around the world. Join us in defining our world of tomorrow and creating smarter technology for all!
Who You’ll Work With
At Lenovo, we manufacture one of the world’s widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones and workstations as well as augmented and virtual reality (Mirage, ThinkReality) and smart home/office solutions, software and services. Lenovo’s data center solutions (ThinkSystem, ThinkAgile) are creating the capacity and computing power for the connections that are changing business and society.
About Our Team
Lenovo’s Data Center Group (DCG) is seeking a security analyst to join the Product Security Office (PSO) team to support Lenovo DCG’s Secure Development Lifecycle activities and related processes for maintaining a high-level of security in the products and services we sell to our customers. This is a backfill position, joining an established team with expertise in security architecture, analysis, and engineering.
This is inherently an expansive and dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; the ability to multi-task across several projects concurrently, rapidly adapt, and develop deeper expertise as needed; and be comfortable taking ownership of projects to ensure effective delivery.
What You'll Do
• Analyze security weaknesses to identify patterns and root causes and then develop security guidance to address root causes
• Research and map industry security requirements
• Assess products for compliance with security requirements
• Create security guidance, compliance, and standards documentation
• Support product vulnerability management activities
• Support product security certification activities
• Support secure development lifecycle initiatives
• BS in Information Security, Management Information Systems, or technical/engineering degree
• Five-plus (5+) years of experience in one or more areas of application security, hardware security, system security, security compliance, and/or secure development lifecycles
• Knowledge of secure software development fundamentals
• Experience with analyzing and developing security requirements
• Experience with industry and government security standards and compliance, ideally familiar with one or more such as ISO 27000-series, NIST Risk Management Framework / FISMA / FedRAMP / NIST SP800-series), NIST Cybersecurity Framework, PCI-DSS, O-TTPS / ISO 20243, or similar
• Experience in vulnerability management and triage
•Team player and a self-starter
• Critical thinking, analytical ability, and problem solving
• Good verbal and written communication skills
• Security certification preferred, such as Security+ or CISSP
Lenovo is a US$50 billion Fortune Global 500 company, with 57,000 employees and operating in 180 markets around the world. We are #1 PC company on the planet, BCG's 50 most innovative companies, and one of Interbrand’s 100 BEST global brands. Focused on a bold vision to deliver smarter technology for all, we are developing world-changing technologies that create a more inclusive, trustworthy and sustainable digital society. By designing, engineering and building the world’s most complete portfolio of smart devices and infrastructure, we are also leading an Intelligent Transformation – to create better experiences and opportunities for millions of customers around the world.
Learn more about why it’s great to work at Lenovo - https://www.lenovobenefits.com/why-join-lenovo
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.