Job Information
Lenovo PSIRT Vulnerability Manager in Morrisville, North Carolina
PSIRT Vulnerability Manager
General Information
Req #
WD00067080
Career area:
Hardware Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Friday, June 21, 2024
Working time:
Full-time
Additional Locations :
- United States of America - North Carolina - Morrisville
Why Work at Lenovo
We are Lenovo. We do what we say. We own what we do. We WOW our customers.
Lenovo is a US$62 billion revenue global technology powerhouse, ranked #217 in the Fortune Global 500, employing 77,000 people around the world, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver smarter technology for all, Lenovo has built on its success as the world’s largest PC company by further expanding into growth areas that fuel the advancement of ‘New IT’ technologies (client, edge, cloud, network, and intelligence) including server, storage, mobile, software, solutions, and services.
This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via ourStoryHub (https://news.lenovo.com/) .
Description and Requirements
Lenovo’s Infrastructure Solutions Group (ISG) is seeking a Product Security Incident Response Team (PSIRT) Vulnerability Manager to support Lenovo ISG’s vulnerability management activities for maintaining a high level of security in the products and services we provide to our customers. This is a backfill for an existing position on the ISG Product Security Office (PSO) team which supports Lenovo ISG’s growing and evolving product security needs. The PSIRT Vulnerability Manager works closely with the Lenovo Corporate PSIRT, customers, and ISG Development teams.
This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; will have experience handling security incidents and/or managing vulnerabilities for technology products; be comfortable communicating with customers, development teams, and stakeholders; and have a natural curiosity for exploring and understanding reported security issues. This position is well suited to candidates that thrive on solving new and unique problems, identifying and planning for future requirements, working with varied technologies, and taking ownership of technical solutions.
Primary responsibilities :
Serve as a primary PSIRT resource for ISG and our customers
Act as a Subject Matter Expert concerning ISG products and technologies
Interface with Development Product Security Leads (PSLs)
Draft PSIRT security advisory publications and internal ISG advisory communications
Monitor, investigate, and respond to customer ISG security reports received by the PSIRT and support PSIRT responses to researcher, partner, media, etc. security reports
Coordinate between PSIRT, ISG PSO, and ISG PSLs to move issues – whether discovered internally or reported externally - from vulnerability to resolution, ensuring data accuracy and timeliness of updates
Perform hands-on investigation to confirm reported security issues or provide remediation guidance
Position Requirements:
Basic Requirements:
5+ years of demonstrated experience in one or more areas supporting PSIRT, CSIRT, security incident response, such as application, hardware, system security, incident handling, vulnerability management, technical customer support, security consulting or similar
Experience in vulnerability analysis, investigation, management, and triage
Customer-first mindset with excellent verbal and written communication skills
Familiarity with best practices and standards for incident response and vulnerability management, such as the FIRST PSIRT Services Framework, ISO/IEC 27035, ISO/IEC 29147, ISO/IEC 30111, and NIST SP800-61
Preferred Requirements:
Technical knowledge to support hands-on investigation, such as familiarity with network protocols, Linux, and security tools such Nessus, Nmap, and testssl
Knowledge of hardware, data center, infrastructure technologies, and secure software development fundamentals
Develop and track metrics to measure remediation timelines
Analyze security issues to identify patterns and root causes
Key Personal Traits:
A critical thinker and problem solver, who is naturally curious and a consummate learner
A good communicator with strong verbal and written presence, capable of clearly explaining technical details
Ability to think analytically, gain insight and extrapolate information to reach decisions and offer guidance across different contexts
Adept at multi-tasking and achieving results in what can be a high-pressure environment while adapting to fluid business demands
Able to cultivate collaborative relationships; navigate sometimes contentious situations; and successfully resolve conflicts – all with respect, equity, and professionalism
Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way
Team player, self-starter and entrepreneurial spirit
Self-motivated and desire to independently drive the maturity of solutions
Seeks continual improvement through incorporating feedback and guidance
Persistent, keeping end goals in mind, being mindful of opportunities as they present themselves, and appreciating that “not today” doesn’t mean “not ever”
Education and Certification Requirements:
Bachelor’s or above degree in Management Information Systems, Information Security, Cybersecurity, Computer Science or other related degree is preferred
Non-degree candidates with additional years of relevant work experience
Preferred industry certifications: One or more of CISSP, E|CIH, GCIH, CASP or similar
Citizenship Requirement:
- Must be a US citizen or US national; US permanent residents or candidates requiring sponsorship cannot be considered
Travel:
- 5% (travel typically not needed, but possible on occasion)
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.
Additional Locations :
United States of America - North Carolina - Morrisville
United States of America
United States of America - North Carolina
United States of America - North Carolina - Morrisville