Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).
This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub. Description and Requirements
This position is for a DevSecOps engineer in the Security Center of Excellence for the Global PC and Smart Devices Business (PCSD). This is an exciting role where you will be working with a global team of development engineers and security professionals. You will work with multiple business units and DevOps teams to implement, configure and administer DevSecOps tools in CI/CD pipelines. You will be working alongside the best security teams in the industry. You’ll be keeping up to date with the latest DevSecOps technology and trends and you’ll have the opportunity to make a big impact on the largest PC company in the world. You should be known for taking initiative to do what needs to be done. You must have excellent organizational skills and you should thrive in a fast-paced environment with multiple partners and projects
As a member on the team, you will be collaborating with team members on your immediate team and other business unit’s DevOps and Development team members. You’ll work closely with other BU’s DevOps teams assisting implementing and maintaining security tools and processes. You’ll be researching and recommending the latest DevSecOps technologies to ensure Lenovo’s CI/CD pipelines remain as secure as possible. You’ll ensure that proper metrics are in place to show improvements in our processes and to identify gaps.
Implement, Integrate, and Maintain tools with your team and other BUs.Identify areas of improvements to our CI/CD pipelines.Research and recommend new tools, processes, and techniques.Perform cybersecurity control and risk assessments of proposed and existing product and infrastructure architecture for compliance with Lenovo Requirements and international cloud security best practices, recommending technical, administrative and physical remediations and mitigations for identified risks and vulnerabilitiesDevelop service security and compliance requirements for SaaS multi-tenant systemsDesign and develop cloud security architectures and perform architecture design reviewsBasic Qualifications:
Bachelor’s degree in a relevant field or equivalent relevant experience5+ years of cybersecurity experience3+ years of DevSecOps experiencePreferred Qualifications:
Experience with Wiz, Snyk, Contrast, Coverity, Checkmarx, Fossa, jFrog, Jenkins, Jira, Confluence, and Bitbucket etc..Demonstrated experience implementing and configuring SAST, DAST, IAST Fuzzing and RASP tools in a CI/CD pipeline.Experience working with developers and as a developer.Experience guiding large software projects from design to deployment with security in mind.Experience threat modeling software projects.Experience implementing and recording appropriate metrics to reflect an accurate picture of progress to management.Ability to successfully work across regions and functions to solve problems and get things doneTechnical certifications like: Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified Kubernetes Security Specialist (CKS)SANS Certifications such as GIAC Cloud Security and DevSecOps Automation (GCSA), and GIAC Cloud Penetration Tester (GCPN).Public Cloud Provider certifications such as AWS Solutions Architect, AWS Certified Security Specialty, Microsoft Certified: Azure Solutions Architect Expert, Microsoft Certified: Azure Security Engineer Associate, and GCP: Professional Cloud Architect.In-depth knowledge of public cloud providers, especially AWS.Experience with implementing and maintenance with DevSecOps tools.Strong written and verbal communications and interpersonal skills We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class. Additional Locations: * United States of America - North Carolina - Morrisville * United States of America * United States of America - North Carolina * United States of America - North Carolina - Morrisville