Sr Manager Software Security

Who You'll Work With

At Lenovo, we manufacture one of the world's widest portfolios of connected products, including PCs (Think Pad, Yoga, Lenovo Legion), tablets, smartphones, and workstations as well as augmented and virtual reality (Mirage, Think Reality) and smart home/office solutions. We are also building an innovative portfolio of software and services that are changing the industry. Lenovo is creating the capacity and computing power for the connections that are changing business and society.

This position is for a Senior Manager Software Security in the Security Center of Excellence for PC and Smart Devices business (PCSD). This is an exciting role where you will be working with a global team of development engineers and security professionals - assessing and securing Lenovo applications and devices. You will work with multiple development teams across Lenovo to ensure that secure development practices are followed, as well as working with security champions to review applications that are preinstalled on Lenovo devices.

You will be working alongside some of the best security teams in the industry.

The security threat landscape presents a wide range of risks to the solutions offered by Lenovo's PC & SD organization - from the Cloud, to PCs, IoT devices, mobile applications and Augmented and Virtual Reality devices. As a Software Security Architect, you will join Lenovo's Global Security Lab, based in Morrisville, NC, as a member of our product security team. This team is responsible for ensuring Lenovo's PC & SD diverse product and technology portfolio is designed, developed and delivered securely for our customers.

• Lead a global team of software security engineers and development security champions to assess the security posture of Lenovo and 3rd party developed applications for Windows and Android devices.
• Conduct security assessments of client applications, both Lenovo developed and 3rd party, using industry-standard tools and techniques to identify vulnerabilities.
• Risk-ranking of identified threats to prioritize mitigation and remediation activities.
• Help train members of development teams in secure development best practices.
• Perform security code reviews of application source code.
• Participate in software design sessions with development teams, analyzing and assisting in the secure design and architecture of PC application software.
• Working with software designers, developers, project managers, and testers – developing close working partnerships with development teams – to review, assist and recommend changes and solutions to address the security of Lenovo- and third party-developed software.
• Act as a trusted advisor and subject matter expert to product development and engineering teams – provide advice on secure application design, development and validation.
• Identify and evaluate needed tools and refine processes and procedures to ensure security reviews are performed correctly.
• Define security requirements for Lenovo and third-party development teams.
• Stay current in the latest security tools, methodologies, and best practices, especially as it relates to Windows and mobile app development.
• Act as a Secure Development Lifecycle evangelist, guiding and training development teams within the Personal Computer & Smart Devices group on how to effectively and efficiently apply secure development practices.

• Bachelor's degree in Computer Science, Computer Engineering, Software Engineering, or related field; or relevant cybersecurity experience of 5+ years.
• 3+ years of management experience managing software developers and/or cybersecurity teams.
• 3+ years of experience in Computer Security with experience in computer programming, secure software design, vulnerability management, and product security testing.
• 3+ years of experience with at least two of the following; C/C++, C# .NET, or Java. 1+ yrs. experience with all of them.
• At least 1 cybersecurity certification such as CISSP or a SANs Cert.

• In-depth knowledge of security concepts and design techniques relating to application, mobile, and web design.
• Ability to perform…