IT Architecture Specialist **General Information** Req # WD00081218 Career area: Information Technology Country/Region: Hong Kong City: Hong Kong Date: Thursday, April 10, 2025 Working time: Full-time **Additional Locations** : * Hong Kong **Why Work at Lenovo** We are Lenovo. We do what we say. We own what we do. We WOW our customers. Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY). This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via ourStoryHub (https://news.lenovo.com/) . **Description and Requirements** **About the job** Join our cybersecurity team as an **Application Security Engineer** and play a key role in promoting secure development practices for our clients. In this position, you will assess and enhance application security, work closely with application teams to create secure architectures, and offer expert security advice. The Job + Application Security Review - Perform thorough evaluations of applications to uncover vulnerabilities and risks. Offer clients remediation recommendations based on risk analysis. + Secure Application Architecture Design - Collaborate with architects and developers to embed security into application design, establish security controls and best practices for software development, and promote DevSecOps initiatives to ensure secure CI/CD implementations. + Attack Surface Evaluation - Identify potential threats and attack vectors in applications and systems, utilize methodologies such as STRIDE, DREAD, and PASTA for risk assessment, and collaborate with application teams to mitigate threats early in SDLC. + Application Security Policy Development - Develop application security policies, standards, guidelines and practices, and provide security recommendations for application teams. + Security Training - Conduct security awareness workshops to promote defense in depth for clients. + Security Research - Investigate emerging threats, vulnerabilities, and security trends, spearhead or support security initiatives and tool integrations, evaluate new technologies for security risks, monitor and analyze key security metrics to gauge effectiveness, and enhance security reporting processes for improved risk visibility. The Person + Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Software Engineering, or related fields. + 2+ years of hands-on experience (preferably in consulting experience) in application security, penetration testing, and DevSecOps. + Proven project experience in vulnerability management, including scanning, manual testing, and remediation planning for clients in FSI, telecom, or critical infrastructure. + Experience in utilizing security tooling: Kali Linux, Nessus, Burp Suite, GitLab CI/CD, OWASP ZAP, Azure, and etc. + Familiar with security frameworks and guidelines such as OWASP, CIS, and ISO 27001. + A holder of one of the following certifications: CISSP, CSSLP, Certified DevSecOps Professional (CDP), and CISP is a plus. + Strong communication skills to collaborate with cross-functional teams. \#LPS **Additional Locations** : * Hong Kong * Hong Kong