This role will require in-depth knowledge of cloud security architecture, secure design practices, cloud infrastructure and application security, and secure software development.
The candidate must be able to work with multiple international teams and lead the driving ofsecurity reviews of and best practices for Lenovo cloud services. He/she will own responsibility for identifying and driving security-related issues to closure with development teams, and will work as part of the Personal Computer & Smart Device Security team to lead assessments ofand define remediation for Lenovo cloud services security.
This person will be required to actively provide design guidance and manage cloud security tools and solutions to protect our cloud environments (both internal data center as well as solutions using IaaS products such as AWS), including engineering solutions and processes.
Job responsibilities will include ownership and execution of activities which include:
• Analyzing and assisting in the design of cloud security solutions for Lenovo cloud-basedservices
• Identifying security risks in Lenovo- and third party-provided services and proposing mitigating controls
• Working with cloud service architects, developers, and testers to review, assist and recommend changes and solutions to functionality to address the security of Lenovo- and third party-developed services
• Analyzing results of security scans of networks/systems for security vulnerabilities, configuration issues and assessing impacts, applying relevant security industry standards and benchmarks (e.g., CVE, SCAP)
• Developing and contributing to implementation of the Lenovo Secure Development Lifecycle and security best practices within the software development process
• Assessing the latest security threats and making recommendations to increase security
• Conducting continuous analysis of security threats, including third-party providers’ vulnerabilities, CVEs, malicious code, potential backdoors, industry alerts, hackers, zero-day exploits, OEM weaknesses, IDS/IPS and SIEM alerting, etc., to proactively assess and investigate emerging threats and potential impact to Lenovo services
• Assessing the applicability of threat and vulnerability feeds, rating the risk and communicating to appropriate parties
• Recommending corrective actions to mitigate security threats and risks to selected services and products
• Communicating identified changes in threats and vulnerabilities based on trend analysis and concerns generated from current and potential customers
• Producing reports to demonstrate assessment coverage and remediation effectiveness, and working with the development teams to ensure corrective actions are implemented
• Identification of internal and external threats that could divulge vulnerabilities that would lead to the misappropriation of customer or company information
• Identifying and developing new tools, tactics and procedures for changing threat scenarios
• Developing trend and research analysis techniques to identify new detection methods for attack vectors
• Working directly with technical staff, vendors, and leadership to promptly assess and implement mitigating controls to new attack vectors and changing threat landscape
• Having the ability to effectively identify, evaluate and communicate new and ongoing security threats to senior management
• Bachelor’s Degree in Computer Science, related area or equivalent related work experience
• 6+ years of demonstrated information security, risk management & compliance experience with the experience in secure cloud services and infrastructure design, and vulnerability management with a minimum 2+ years Cloud Security Architect experience withinfrastructures such as AWS or comparable products.
• Knowledge and experience with diverse IT products, architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments
• Knowledge of configuration management, change control, risk assessments, exception management and security baselines (e.g. CIS Baselines, NIST, FIPS Security standards, Government Security guidelines, vendor security technical implementation guides)
• Expertise with Tenable Nessus/Tenable Cloud or comparable security vulnerability management services.
• Strong technical skills and hands on experience assessing threats to multiple operating system platforms, database and application servers, custom and off the shelf applications
• Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVS and Open Web Application Security Project (OWASP)) processes and remediation recommendations
• Experience in conducting security architecture assessments on third-party- provided services, web-based services and REST applications
• Experience performing static analysis and security code reviews
• In depth knowledge of the security related technologies, including but not limited
transport and at rest encryption and related cryptography, authentication services
• CISSP certification desired - CCSP preferred
• Excellent writing and verbal communication skills, interpersonal and presentation skills and theproven ability to influence and communicate effectively
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.