Sr Software Security Architect

Lenovo is seeking a Sr Software Security Architect to work in Lenovo's Corporate Product Security Office. This individual will provide expertise and oversight in secure SW design and development, verification/testing, and security issue resolution across multiple SW areas such as BIOS/UEFI, firmware, drivers, and Windows/Android applications. The scope of the role will range from support for the development and maintenance of product security standards, to security reviews and validation of SW applications, to hands-on technical triage and remediation of field vulnerabilities.

Primary responsibilities: Related to the stages of SDLC, the Sr Software Security Architect will provide technical guidance to globally distributed engineering and SW development teams, including recommending security requirements, performing architecture reviews, creating and reviewing threat models, code design, and verification/testing.

Main job tasks and responsibilities include:
- Thought leadership in BIOS and Secure Application Development and Information Security
- Oversight for SDLC process design and implementation, including piloting and executing key elements of SDLC (i.e. requirements, secure architecture, threat modeling, secure coding, and verification)
- Special emphasis and knowledge of firmware and BIOS, and leadership to implement security practices in their development. This could include training for developers in secure BIOS coding, utilization of static and dynamic analysis tools for BIOS/UEFI, and other testing tools and validation techniques
- Support for Product Security Incident Response Teams (PSIRT) to quickly and accurately assess software risk of vulnerabilities and provide technical guidance for remediation to development teams
- Work with software designers, developers, and testers to review, assist, and recommend changes and solutions to functionality to address the security of Lenovo and third party developed offerings
- Develop and contribute to product security standards, procedures, and guidelines across multiple SW technology and product application environments
- Contribute to lab ecosystem and testing infrastructure and tooling as required to improve PSO and security stakeholders' effectiveness and productivity
- Identify and document product security risks and propose mitigating controls
- Communicate identified processes and methods to development teams across business areas and global locations
- Identify and develop new tools, tactics and procedures for changing threat scenarios
- Work directly with technical staff and leadership to promptly assess and implement mitigating controls to new attack vectors and changing threat landscape

Position Requirements
Basic Requirements:
- Bachelor's Degree in Computer Science, related discipline, or 4+ years of related work experience required
- 5+ years of broad experience in application, network, and system security
- Prior secure coding and development experience, must be able to read and understand C, C++, C#, Java, Python or other types of development languages
- Understanding of secure development fundamentals such as least privilege, attack surfaces, and coding practices (OWASP, SANS Top 25, threat modeling, etc)
- Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE), and OWASP processes and remediation recommendations
- Knowledge of security related technologies, including but not limited to encryption (both at-rest and in-transit) and related cryptography, and authentication services
- Knowledge of PC architecture and standards and related ecosystem
- Expertise in securing fundamental networking protocols such as DNS, HTTP, HTTPS, TCP, UDP, TLS, and IPSEC

Preferred Requirements:
- Experience in coding and securing BIOS/UEFI a plus for strong candidates
- Vulnerability assessment process and tools experience preferred and familiarity with test tools
- Security-related certifications a plus (CISSP, etc)
- Experience in securing Windows applications and Cloud security is preferable
- Self-motivated & results driven; mid-level leadership skills; ability to motivate and cultivate a collaborative work environment
- Ability to multi-task and achieve results working in a high-pressure environment while adapting to the changing demands of the business

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
