Position Description: The Lenovo Data Center Group’s Product Security Office is seeking a Sr. Security Architect to provide technical security leadership to global development teams, suppliers, industry partners, and business leaders for maintaining a high level of security in the products we sell to our customers. This is a new position, joining an established team of security architects and penetration testers in securing an expanding product portfolio and supporting the business’ evolving product security needs. This is inherently an expansive product security role, with the ideal candidate being able to multi-task, adapt, and service diverse security needs as they emerge.  These diverse needs will require the candidate to have a broad security knowledge base to draw from, and rapidly develop deeper expertise as required. This role is well suited to candidates that thrive on wide-ranging tasks and challenges, with each day holding the potential for solving new problems, learning new things, or working with new teams, suppliers, partners or technologies.  This is not a role for candidates that do best when single tasking or focusing exclusively on a cradle-to-grave project. Representative responsibilities include: • Serving as a security subject matter expert and technical leader to internal and external product teams, suppliers, partners, security researchers, and business leaders • Working with cross-functional leadership to align product security with continually evolving business and market needs and expectations • Researching, designing, developing, and implementing firmware, software, and product security best practices, standards, requirements, architectures, tools, tactics, procedures, training materials, etc. • Assessing products and related processes and architectures for compliance with best practices, standards, and requirements, developing corrective action plans where necessary, and working with stakeholders to successfully implement those plans • Evaluating product security designs, emerging security technologies, and systems, such as for next-generation x86 servers • Researching, developing, and/or customizing security tools and libraries • Driving secure development lifecycle initiatives • Supporting the Product Security Office and Security Architectural Review Board • Supporting product sales efforts and demonstrating product security thought leadership, such as via customer briefings, originating security-related collateral, giving conference presentations, etc. • Supporting product security-related aspects of Lenovo’s Trusted Supplier Program, special projects, contract reviews, etc. #### Position Requirements: Basic Qualifications: • Seven + years of broad experience in application, network, and system security, including: • Architecting secure products and solutions • Analyzing existing product/solution architectures for security deficiencies and formulating corrective actions • Originating security processes, standards, and requirements • Secure coding and development, including the ability to read and understand at least one modern programming language • Experience maturing secure software development lifecycles and performing security assessments • Minimum BS in information security, computer science, engineering, MIS, or similar degree programs • Security certifications: One or more of CISSP, CSSLP, CSSP, or similar • Experience with TCP/IP, including using and securing fundamental networking protocols such as TCP, UDP, ICMP, DNS, HTTP, and SSH Preferred Skills and Experience: • Hardware Security experience • Understanding of Security foundations such as hardening, least privilege, attack surface reduction, protection rings, cryptography use, static analysis, dynamic analysis, fuzzing, CVSS, CWE, OWASP/SANS/CIS Top X, etc. • Understanding of Security standards such as NIST SP800-series, NIST Cybersecurity Framework, FIPS 140-2, Common Criteria, FISMA/FedRAMP, ISO 27000, PCI-DSS, CIS Benchmarks, and similar • Experience securing embedded systems, firmware, cloud services, network storage solutions, and operating systems • Penetration testing, vulnerability assessment, and reverse engineering, including use of tools such as Burp Suite pro, IDA Pro, Kali, Metasploit, nmap, Nessus, and similar • Supply chain security, including standards such as NIST SP800-161 and ISO 28000 • Work in or around Data Center environments • Working with geo-diverse teams across different time zones • Strong collaboration skills over application sharing platforms and teleconferencing • Technical consulting background The base salary range for this position in Colorado is $130K - $160K. Individuals may also be considered for bonus and/or commission. Lenovo’s various benefits can be found on www.lenovobenefits.com. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.