Sr. Product Security Engineer

  • location: Morrisville, NC
  • type: Permanent
easy apply

job description

Sr. Product Security Engineer

job summary:
To avoid delays in having your resume reviewed please forward directly to

Sam.Major@RandstadUSA.com

As a qualified applicant I will respond to you same business day

Our Client is seeking a senior level Product Security Engineer who will work in Lenovo's Data Center Group to align products and create processes that further build Lenovo's strength and capabilities in serving all customer segments. This role will develop and drive secure SW development lifecycle activities such as security standards, processes, and testing to ensure Lenovo's Data Center products meet security requirements and eliminate security vulnerabilities.

This is inherently an expansive product security role, with the ideal candidate being able to multi-task, adapt, and service diverse security needs as they emerge. These diverse needs will require the candidate to have a broad security knowledge base to draw from, and rapidly develop deeper expertise as required.

This role is well suited to candidates that thrive on wide-ranging tasks and challenges, with each day holding the potential for solving new problems, learning new things, or working with new teams, suppliers, partners or technologies. This is not a role for candidates that do best when single tasking or focusing exclusively on a cradle-to-grave project.

 
location: Morrisville, North Carolina
job type: Permanent
work hours: 9 to 5
education: Bachelors
 
responsibilities:
Job Responsibilities:

  • Thought leadership in Secure Application Development and Information Security
  • Analysis and assistance in the design of security solutions for embedded and software development;
  • Support Product Security Incident Response (PSIRT) teams to quickly and accurately assess software risk of vulnerabilities and provide technical guidance to development teams;
  • Develop and contribute to information security standards, procedures, and guidelines across multiple platform and application environments;
  • Identify and document product security risks and propose mitigating controls;
  • Contribute to the implementation of the Lenovo Secure Development Lifecycle process;
  • Provide vulnerability assessment reports to key stakeholders;
  • Conduct continuous analysis of security threat information (viruses, malicious code, potential backdoors, industry events, hackers, zero day exploits, OEM weaknesses, IDS/IPS and SIEM alerting, potential problems with BIOS & Firmware, in order to proactively assess and investigate emerging threats and potential impact to Lenovo products;
  • Assess the applicability of threat and vulnerability feeds, rate the risk and communicate to appropriate parties;
  • Recommend corrective actions to mitigate security threats and risks to selected products;
  • Communicate identified changes in threats and vulnerabilities based on trend analysis and concerns generated from customers and potential customers;
  • Create reports to demonstrate assessment coverage and remediation effectiveness, and working with the Product engineers and software teams to insure corrective actions are implemented;
  • Identify and develop new tools, tactics and procedures for changing threat scenarios;
  • Develop trend and research analysis techniques to identify new detection methods for attack vectors;
  • Work directly with technical staff and leadership to promptly assess and implement mitigating controls to new attach vectors and changing threat landscape; and
  • Identify, evaluate and communicate new and ongoing security threats to senior management.
  • Work with software designers, developers, and testers to review, assist, and recommend changes and solutions to functionality to address the security of Lenovo and third party developed software
 
qualifications:
Desired Qualifications:

  • 7+ years of experience as a product security engineer/architect, or tester
  • Bachelors Degree in Computer Science or related discipline
  • Prior secure coding and development experience, must be able to read and understand C, C++, Java, or other types of development languages;
  • Extensive knowledge and experience with physical and virtual server configurations and implementations.
  • Broad knowledge of many aspects of information security with an understanding and experience in the following areas: Corporate Information Security mitigation techniques such as firewalls, IDS/IPS, VPN, web application firewalls, authentication technologies, Web Filtering, Proxy Firewalls, network taps and tap aggregators;
  • Knowledge and experience with diverse IT products, architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments.
  • Ability to multi-task and achieve results working in a high-pressure environment while adapting to the changing demands of the business.
  • Security-related certifications a plus
 
skills: Product Security Experience preferably with Data Center Products

Prior secure coding and development experience, must be able to read and understand C, C++, Java, or other types of development languages with SDLC experience

Broad knowledge of many aspects of information security with an understanding and experience in the following areas: Corporate Information Security mitigation techniques such as firewalls, IDS/IPS, VPN, web application firewalls, authentication technologies, Web Filtering, Proxy Firewalls, network taps and tap aggregators;

  • Ability to multi-task and achieve results working in a high-pressure environment while adapting to the changing demands of the business.
  • Security-related certifications a plus

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

easy apply

get jobs in your inbox.

sign up
{{returnMsg}}

related jobs



    Sr. Technical Engineer

  • location: Morrisville, NC
  • job type: Temp to Perm
  • salary: $59 - $60 per hour
  • date posted: 11/29/2018