Posted 1mo ago

Sr. Cybersecurity Analyst (Cloud/Web Application)

@ Lenovo
Indaiatuba or Sao Paulo
Onsite, Full Time
Responsibilities: assess risks, design security, oversee pipelines
Requirements Summary: 3+ years cloud security; BS in CS or 3+ years cybersecurity; 2+ years AWS/Azure; DevSecOps, architecture, and incident response experience.
Technical Tools Mentioned: Cloud platforms (AWS, Azure, GCP, AliCloud), DevSecOps tools, Security testing tools, CI/CD tooling, Terraform, Ansible, Jira, Bitbucket, Confluence, GitHub, Jenkins, CSA/OWASP/SANS standards, CISSP/CSSLP/CISM certifications
Job Description
Lenovo is searching for a Sr Cybersecurity Analyst to join our PCSD Product Security Team to help drive the secure design & development of Lenovo’s Cloud Products and to help oversee the operational security of Cloud products in production. The Sr Cybersecurity Analyst will collaborate with Lenovo’s Engineering and Product teams around the world to continuously improve the security posture of all cloud products and services in alignment with Lenovo Security policies, standards, and processes as well as local, regional and international security standards and regulations, including AI. The ideal candidate will have experience with cloud cybersecurity best practices and modern DevSecOps automation tools, and good knowledge of Application Security. AWS, Azure, GCP, Alibaba and AliCloud Security experience is a plus. We are looking for someone with a security mindset who "thinks like an attacker". 

Responsibilities: 
Perform cybersecurity control and risk assessments of proposed and existing products and infrastructure architecture for compliance with Lenovo Requirements and international cloud security best practices, recommending technical, administrative and physical remediations and mitigations for identified risks and vulnerabilities 
Develop service security and compliance requirements for SaaS multi-tenant systems 
Design and develop cloud security architectures and perform architecture design reviews 
Help Design, Implement and Oversee Operation of DevSecOps solutions to secure complex CI/CD pipelines 
Implement, maintain and improve existing industry best practices of cloud security controls such as: 
Monitoring & Logging 
Identity and Access Management 
Encryption 
Data Security & Privacy 
Incident Response & Forensics 
WAF, RASP, SIEM, IDS/IPS, etc. 
Provide guidance to R&D and Product Management on defining and prioritizing development of secure SaaS offerings 
Prepare and deliver training and security awareness activities to the Development and Engineering teams 
Acquire relevant knowledge, remain up to date, attend cloud security conferences and be involved with the cloud security community 
Drive and help with cloud security strategy, tools, training, processes, and tactics
 

Basic Qualifications: 
3+ years of experience with cloud security (security researcher, security engineer, security architect)
Bachelor’s degree in computer science or related field, or additional 3+ years of cybersecurity experience 
2+ years experience with AWS and Azure. 
2+ Experience in: Infrastructure security, security SDLC and secure SaaS practices
Cloud Product Threat modeling experience
 
 
Preferred Qualifications:
Experience doing code review for configuration management tools and scripting languages 
Experience with all DevSecOps Tool types including SAST, DAST, IAST, Feature Flag Tools, Threat Modeling, Fuzzing, etc.
Experience with FedRAMP certification
Hands-on experience with AWS security best practices and AWS services
Security standards and practices (CSA, OWASP, SANS, etc.)
Security of relational databases (MySQL, MS SQL Server, Oracle)
Security management certificates (CISSP, CSSLP, CISM, etc.) 
Experience presenting at security conferences (e.g., Black Hat, OWASP, etc.) 
Familiarity with as many of these as possible: Terraform, Ansible, Jira, Bitbucket, Confluence, Artifactory, JFrog, GitHub, Jenkins, GCP and AliCloud
Experience with GDPR and CCPA
Security reviews for code/design/architecture and requirements
Knowledge of cloud security standards such as CSA CCM, ISO 27017, ISO 27018, FedRAMP, etc.
Infrastructure Security and IaC Security, Container Security (Docker & Kubernetes) and identity management and authentication systems and protocols (Active Directory, LDAP, SAML, RADIUS)
Linux/Unix and Windows OS
Network architecture and security configurations
Python
Cloud security certifications such as CCSK, CCSP, or SANS Cloud-related certs