Product Security Ethical Hacker

The Lenovo PC & Smart Devices security team is growing, and is looking for an experienced cybersecurity professional to fill the role of Product Security Ethical Hacker. In this role you will perform penetration testing to help identify vulnerabilities in Lenovo's products, concentrating on web-based applications and cloud infrastructure, as well as mobile applications.

Experience in performing vulnerability assessments and ethical hacking of web and mobile applications is required. A background in software development is strongly desired.

Primary responsibilities:

This role will require knowledge of application security testing (ethical hacking), secure software and infrastructure design practices, and broad knowledge of application and network vulnerabilities and how to exploit them. Generating reports, communicating with development teams and proposing remediation of issues are key components of the role.

Job responsibilities will include ownership and execution of activities, which include:

- Conducting security assessments of applications using industry-standard tools and techniques to identify vulnerabilities.
- Risk-ranking of identified threats to prioritize mitigation and remediation activities.
- Analyzing and assisting in the secure design and architecture of applications and network infrastructure.
- Working with software designers, developers, project managers, DevOps, and testers, to review, assist and recommend changes and solutions to address the security of cloud-based and mobile solutions.
- Analyzing source code for Web and mobile applications for security vulnerabilities.
- Providing vulnerability assessment and penetration test reports to key stakeholders.
- Producing reports to demonstrate assessment coverage and remediation effectiveness, and working with the product engineers and software teams to ensure corrective actions are implemented.

Position Requirements

Basic Requirements:

- Bachelor's Degree in Computer Science, related area or equivalent related work experience
- 5+ years of experience in cybersecurity, ethical hacking, vulnerability identification and management, secure design practices

Preferred Requirements:

- Experience performing security assessments of Web and mobile applications.
- Experience performing penetration testing that identifies weaknesses in Web applications and supporting infrastructure, including servers, databases, networks, etc.
- Experience performing code reviews and reviewing the results of static analysis tools.
- Experience with network assessment tools such as Nessus, nmap, curl, netcat, etc.
- Experience with security testing environments and tools, such as Kali, Metasploit, Burp Suite, Wireshark, Fiddler, etc.
- An understanding of vulnerabilities and attack methods, such as remote code execution, privilege escalation, XXE, XSS, SQLi, MitM, session hijacking, CSRF, and other common vulnerabilities, how to test for and identify them, and how to remediate them.
- Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) and Open Web Application Security Project (OWASP) processes and remediation recommendations.
- Knowledge of security-related technologies, including but not limited to encryption (both at-rest and in-transit) and related cryptography, and authentication services.
- Knowledge of secure coding best practices.
- A background in software development in Java, C# .NET and/or JavaScript is strongly desired.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
