PSIRT Engineer / Vulnerability Manager
Morrisville, North Carolina
Employer: Lenovo
Industry: Hardware Engineering
Salary: Competitive
Job type: Full-Time
General Information
Req #
WD00067080
Career area:
Hardware Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Friday, June 21, 2024
Working time:
Full-time
Additional Locations:
* United States of America - North Carolina - Morrisville
Why Work at Lenovo
We are Lenovo. We do what we say. We own what we do. We WOW our customers.
Lenovo is a US$62 billion revenue global technology powerhouse, ranked #217 in the Fortune Global 500, employing 77,000 people around the world, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver smarter technology for all, Lenovo has built on its success as the world's largest PC company by further expanding into growth areas that fuel the advancement of 'New IT' technologies (client, edge, cloud, network, and intelligence) including server, storage, mobile, software, solutions, and services.
This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via our StoryHub .
Description and Requirements
Lenovo's Infrastructure Solutions Group (ISG) is seeking a Product Security Incident Response Team (PSIRT) Vulnerability Manager to support Lenovo ISG's vulnerability management activities for maintaining a high level of security in the products and services we provide to our customers. This is a backfill for an existing position on the ISG Product Security Office (PSO) team which supports Lenovo ISG's growing and evolving product security needs. The PSIRT Vulnerability Manager works closely with the Lenovo Corporate PSIRT, customers, and ISG Development teams.
This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; will have experience handling security incidents and/or managing vulnerabilities for technology products; be comfortable communicating with customers, development teams, and stakeholders; and have a natural curiosity for exploring and understanding reported security issues. This position is well suited to candidates that thrive on solving new and unique problems, identifying and planning for future requirements, working with varied technologies, and taking ownership of technical solutions.
Primary responsibilities:
Position Requirements:
Basic Requirements:
Preferred Requirements:
Key Personal Traits:
Education and Certification Requirements:
Citizenship Requirement:
Travel:
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.
Additional Locations:
* United States of America - North Carolina - Morrisville
* United States of America
* United States of America - North Carolina
* United States of America - North Carolina - Morrisville
Req #
WD00067080
Career area:
Hardware Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Friday, June 21, 2024
Working time:
Full-time
Additional Locations:
* United States of America - North Carolina - Morrisville
Why Work at Lenovo
We are Lenovo. We do what we say. We own what we do. We WOW our customers.
Lenovo is a US$62 billion revenue global technology powerhouse, ranked #217 in the Fortune Global 500, employing 77,000 people around the world, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver smarter technology for all, Lenovo has built on its success as the world's largest PC company by further expanding into growth areas that fuel the advancement of 'New IT' technologies (client, edge, cloud, network, and intelligence) including server, storage, mobile, software, solutions, and services.
This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via our StoryHub .
Description and Requirements
Lenovo's Infrastructure Solutions Group (ISG) is seeking a Product Security Incident Response Team (PSIRT) Vulnerability Manager to support Lenovo ISG's vulnerability management activities for maintaining a high level of security in the products and services we provide to our customers. This is a backfill for an existing position on the ISG Product Security Office (PSO) team which supports Lenovo ISG's growing and evolving product security needs. The PSIRT Vulnerability Manager works closely with the Lenovo Corporate PSIRT, customers, and ISG Development teams.
This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; will have experience handling security incidents and/or managing vulnerabilities for technology products; be comfortable communicating with customers, development teams, and stakeholders; and have a natural curiosity for exploring and understanding reported security issues. This position is well suited to candidates that thrive on solving new and unique problems, identifying and planning for future requirements, working with varied technologies, and taking ownership of technical solutions.
Primary responsibilities:
- Serve as a primary PSIRT resource for ISG and our customers
- Act as a Subject Matter Expert concerning ISG products and technologies
- Interface with Development Product Security Leads (PSLs)
- Draft PSIRT security advisory publications and internal ISG advisory communications
- Monitor, investigate, and respond to customer ISG security reports received by the PSIRT and support PSIRT responses to researcher, partner, media, etc. security reports
- Coordinate between PSIRT, ISG PSO, and ISG PSLs to move issues - whether discovered internally or reported externally - from vulnerability to resolution, ensuring data accuracy and timeliness of updates
- Perform hands-on investigation to confirm reported security issues or provide remediation guidance
Position Requirements:
Basic Requirements:
- 5+ years of demonstrated experience in one or more areas supporting PSIRT, CSIRT, security incident response, such as application, hardware, system security, incident handling, vulnerability management, technical customer support, security consulting or similar
- Experience in vulnerability analysis, investigation, management, and triage
- Customer-first mindset with excellent verbal and written communication skills
- Familiarity with best practices and standards for incident response and vulnerability management, such as the FIRST PSIRT Services Framework, ISO/IEC 27035, ISO/IEC 29147, ISO/IEC 30111, and NIST SP800-61
Preferred Requirements:
- Technical knowledge to support hands-on investigation, such as familiarity with network protocols, Linux, and security tools such Nessus, Nmap, and testssl
- Knowledge of hardware, data center, infrastructure technologies, and secure software development fundamentals
- Develop and track metrics to measure remediation timelines
- Analyze security issues to identify patterns and root causes
Key Personal Traits:
- A critical thinker and problem solver, who is naturally curious and a consummate learner
- A good communicator with strong verbal and written presence, capable of clearly explaining technical details
- Ability to think analytically, gain insight and extrapolate information to reach decisions and offer guidance across different contexts
- Adept at multi-tasking and achieving results in what can be a high-pressure environment while adapting to fluid business demands
- Able to cultivate collaborative relationships; navigate sometimes contentious situations; and successfully resolve conflicts - all with respect, equity, and professionalism
- Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way
- Team player, self-starter and entrepreneurial spirit
- Self-motivated and desire to independently drive the maturity of solutions
- Seeks continual improvement through incorporating feedback and guidance
- Persistent, keeping end goals in mind, being mindful of opportunities as they present themselves, and appreciating that "not today" doesn't mean "not ever"
Education and Certification Requirements:
- Bachelor's or above degree in Management Information Systems, Information Security, Cybersecurity, Computer Science or other related degree is preferred
- Non-degree candidates with additional years of relevant work experience
- Preferred industry certifications: One or more of CISSP, E|CIH, GCIH, CASP or similar
Citizenship Requirement:
- Must be a US citizen or US national; US permanent residents or candidates requiring sponsorship cannot be considered
Travel:
- 5% (travel typically not needed, but possible on occasion)
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.
Additional Locations:
* United States of America - North Carolina - Morrisville
* United States of America
* United States of America - North Carolina
* United States of America - North Carolina - Morrisville
Created: 2024-06-24
Reference: WD00067080
Country: United States
State: North Carolina
City: Morrisville
Similar jobs:
-
VP Cybersecurity - Application Security, Vulnerability Management, and CTI
Experis in Raleigh, North Carolina💸 $160000 - $170000 per year