Easter Seals Jobs

PSIRT Vulnerability Manager

General Information

Req #

WD00067080

Career area:

Hardware Engineering

Country/Region:

United States of America

State:

North Carolina

City:

Morrisville

Date:

Friday, June 21, 2024

Working time:

Full-time

Additional Locations :

• United States of America - North Carolina - Morrisville

Why Work at Lenovo

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$62 billion revenue global technology powerhouse, ranked #217 in the Fortune Global 500, employing 77,000 people around the world, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver smarter technology for all, Lenovo has built on its success as the world’s largest PC company by further expanding into growth areas that fuel the advancement of ‘New IT’ technologies (client, edge, cloud, network, and intelligence) including server, storage, mobile, software, solutions, and services.

This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via ourStoryHub (https://news.lenovo.com/) .

Description and Requirements

Lenovo’s Infrastructure Solutions Group (ISG) is seeking a Product Security Incident Response Team (PSIRT) Vulnerability Manager to support Lenovo ISG’s vulnerability management activities for maintaining a high level of security in the products and services we provide to our customers. This is a backfill for an existing position on the ISG Product Security Office (PSO) team which supports Lenovo ISG’s growing and evolving product security needs. The PSIRT Vulnerability Manager works closely with the Lenovo Corporate PSIRT, customers, and ISG Development teams.

This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; will have experience handling security incidents and/or managing vulnerabilities for technology products; be comfortable communicating with customers, development teams, and stakeholders; and have a natural curiosity for exploring and understanding reported security issues. This position is well suited to candidates that thrive on solving new and unique problems, identifying and planning for future requirements, working with varied technologies, and taking ownership of technical solutions.

Primary responsibilities :

• Serve as a primary PSIRT resource for ISG and our customers

• Act as a Subject Matter Expert concerning ISG products and technologies

• Interface with Development Product Security Leads (PSLs)

• Draft PSIRT security advisory publications and internal ISG advisory communications

• Monitor, investigate, and respond to customer ISG security reports received by the PSIRT and support PSIRT responses to researcher, partner, media, etc. security reports

• Coordinate between PSIRT, ISG PSO, and ISG PSLs to move issues – whether discovered internally or reported externally - from vulnerability to resolution, ensuring data accuracy and timeliness of updates

• Perform hands-on investigation to confirm reported security issues or provide remediation guidance

Position Requirements:

Basic Requirements:

• 5+ years of demonstrated experience in one or more areas supporting PSIRT, CSIRT, security incident response, such as application, hardware, system security, incident handling, vulnerability management, technical customer support, security consulting or similar

• Experience in vulnerability analysis, investigation, management, and triage

• Customer-first mindset with excellent verbal and written communication skills

• Familiarity with best practices and standards for incident response and vulnerability management, such as the FIRST PSIRT Services Framework, ISO/IEC 27035, ISO/IEC 29147, ISO/IEC 30111, and NIST SP800-61

Preferred Requirements:

• Technical knowledge to support hands-on investigation, such as familiarity with network protocols, Linux, and security tools such Nessus, Nmap, and testssl

• Knowledge of hardware, data center, infrastructure technologies, and secure software development fundamentals

• Develop and track metrics to measure remediation timelines

• Analyze security issues to identify patterns and root causes

Key Personal Traits:

• A critical thinker and problem solver, who is naturally curious and a consummate learner

• A good communicator with strong verbal and written presence, capable of clearly explaining technical details

• Ability to think analytically, gain insight and extrapolate information to reach decisions and offer guidance across different contexts

• Adept at multi-tasking and achieving results in what can be a high-pressure environment while adapting to fluid business demands

• Able to cultivate collaborative relationships; navigate sometimes contentious situations; and successfully resolve conflicts – all with respect, equity, and professionalism

• Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way

• Team player, self-starter and entrepreneurial spirit

• Self-motivated and desire to independently drive the maturity of solutions

• Seeks continual improvement through incorporating feedback and guidance

• Persistent, keeping end goals in mind, being mindful of opportunities as they present themselves, and appreciating that “not today” doesn’t mean “not ever”

Education and Certification Requirements:

• Bachelor’s or above degree in Management Information Systems, Information Security, Cybersecurity, Computer Science or other related degree is preferred

• Non-degree candidates with additional years of relevant work experience

• Preferred industry certifications: One or more of CISSP, E|CIH, GCIH, CASP or similar

Citizenship Requirement:

• Must be a US citizen or US national; US permanent residents or candidates requiring sponsorship cannot be considered

Travel:

• 5% (travel typically not needed, but possible on occasion)

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.

Additional Locations :

• United States of America - North Carolina - Morrisville

• United States of America

• United States of America - North Carolina

• United States of America - North Carolina - Morrisville