Services Security Test Engineer (Ethical Hacker) **General Information** Req # WD00086205 Career area: Information Technology Country/Region: India State: Karnataka City: BANGALORE Date: Wednesday, July 30, 2025 Working time: Full-time **Additional Locations** : * India - Karnātaka - Bangalore * India - Karnātaka - BANGALORE **Why Work at Lenovo** We are Lenovo. We do what we say. We own what we do. We WOW our customers. Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY). This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via ourStoryHub (https://news.lenovo.com/) . **Description and Requirements** What You'll Do Representative responsibilities include: + Working with software designers, developers, project managers, and testers - developing close working partnerships with development teams - to review, assist and recommend changes and solutions to address the security of Lenovo- and third party-developed software + Act as a trusted advisor and subject matter expert to product development and engineering teams - provide advice on secure application design, development and validation + Identify and evaluate needed tools and refine processes and procedures to ensure security reviews are performed correctly. + Define security requirements for Lenovo and third-party development teams. + Act as a Secure Development Lifecycle evangelist, guiding and training development teams within SSG on how to effectively and efficiently apply secure development practices + Conducting product and service security assessments, analyzing weaknesses, formulating mitigations or remediation measures, documenting findings, and working with global product and services teams to ensure proper corrective actions are implemented + Identifying root cause of recurring issues and working with management and the larger SSG Product Security Office team to address programmatically + Assessing risk and prioritizing mitigation and remediation activities + Serving as a security subject matter expert and technical leader to internal and external product and services teams, suppliers, partners, security researchers, and business leaders + Researching, identifying, developing, and/or customizing tools, tactics, and procedures for enhancing security assessment effectiveness + Staying current on threats, vulnerabilities, attack techniques, new tools, and industry trends + Facilitating, supporting, and managing assessments performed by our 3rd-party security partners + Mentoring and collaborating with other security test engineers + Supporting secure development lifecycle initiatives + Installing, configuring, and using products, tools, and operating systems **Position Requirements** Basic Qualifications: + Five-plus (5+) years of practical experience assessing and securing integrated solutions built upon products that power data center and cloud environments – such as application software, APIs, clusters, cloud service configuration, embedded systems, microservices, network storage solutions, operating systems, web applications, etc. + Expertise in hands-on technical security assessments (e.g., penetration testing, vulnerability assessment, red teaming, etc.) + Deep understanding of security weaknesses, identification, exploitation, and remediation + Mastery of security assessment tools and helpers, such as Burp Suite Pro, curl, IDA Pro, Kali, Metasploit, Nessus, nmap, Wireshark, and similar + Mastery of security foundations such as authentication, hardening, least privilege, attack surface reduction, protection rings, cryptography use, static analysis, dynamic analysis, fuzzing, CVSS, CWE, OWASP/SANS/CIS Top X, etc. + Deep knowledge of and comfort with TCP/IP, including using and securing fundamental networking protocols such as TCP, UDP, ICMP, DNS, HTTP, HTTPS, SSH, etc. + Understanding, applied use, and compliance with security standards such as NIST SP800-series, NIST Cybersecurity Framework, FISMA/FedRAMP, ISO 27000-series, PCI-DSS, CIS Benchmarks, and similar + Moderate programming and/or scripting skills in at least one modern programming language + Ability to install, configure, and use products, tools, and operating systems Preferred Skills and Experience: + Performing code reviews and reviewing the results of static analysis tools + Working with geo-diverse teams across different time zones + Strong collaboration skills over application sharing platforms and teleconferencing + Technical consulting background + Knowledge of Lenovo products and services + Security certifications: CISSP, CSSLP, CEH, OSCP, or similar desired Key Personal Traits: + Self-motivated and results driven, able to effectively work independently or as part of a team, able to motivate and cultivate collaborative relationships + A strong technical leader to internal and external teams, suppliers, partners, and security researchers, with the ability to persuade and influence + A critical thinker and problem solver, who is naturally curious and a consummate learner + A good communicator, capable of clearly explaining and documenting security findings and mitigations + Able to navigate sometimes contentious situations and successfully resolve conflicts with respect and professionalism + Adept at multi-tasking and achieving results in a high-pressure environment while adapting to fluid business demands **Additional Locations** : * India - Karnātaka - Bangalore * India - Karnātaka - BANGALORE * India * India - Karnātaka * India - Karnātaka - Bangalore , * India - Karnātaka - BANGALORE **NOTICE FOR PUBLIC** At Lenovo, we follow strict policies and legal compliance for our recruitment process, which includes role alignment, employment terms discussion, final selection and offer approval, and recording transactions in our internal system. Interviews may be conducted via audio, video, or in-person depending on the role, and you will always meet with an official Lenovo representative. Please beware of fraudulent recruiters posing as Lenovo representatives. They may request cash deposits or personal information. Always apply through official Lenovo channels and never share sensitive information. Lenovo does not solicit money or sensitive information from applicants and will not request payments for training or equipment. Kindly verify job offers through the official Lenovo careers page (https://jobs.lenovo.com/en\_US/careers) or contact IndiaTA@lenovo.com. Stay informed and cautious to protect yourself from recruitment fraud. Report any suspicious activity to local authorities.