Position Description: VMWare Cloud Security Analyst: Lenovo is seeking an experienced and certified VMWare Cloud Security Architect. We are looking for a highly motivated and talented security professional that wants to be a part of protecting the most advanced servers and infrastructure as a service platform in the world. As a key member of our security team, you will support security related projects and issues on Lenovo’s latest and most powerful servers, as well as, it’s infrastructure as a service platform. This includes the development of project plans and schedules as well as the hands-on configuration and maintenance of security applications, service monitoring system, and operating systems. provide recommendations for security improvements Responsibilities: The Cloud Security Architect needs to be experienced with vRealize Suite and VCF architectures, security best practices and operations. Specific experience should include both familiarity with vSphere services across compute, storage and networking and how to leverage them for secure operations, and experience with application platforms (Windows, Linux, OpenShift, Kubernetes, containers) running in the VCF cloud. The candidate needs to demonstrate strong secdevops experience, and strong knowledge of key differences between cloud and on-premises security. This role will require a consultative approach for analyzing cloud architectures and deployments, recommending, and implementing solutions collaboratively that meet customer's cloud infosec requirements. The candidate will be a cloud security subject matter expert and address questions, help peers and staff work through security architectural issues, aid in maturing cloud security strategies, and align with our IaC security baseline. The role requires someone who will be proactive in furthering maturity of practices and process proactively across the professional services and managed services teams. The candidate should possess a high degree of intellectual curiosity and have a strong desire to find and mitigate risks. Applicable candidates will be expected to lead major projects, programs, or processes with significant business impact involving cross-functional team’s development to reduce third party information security risk. The candidate will influence strategic direction and develops tactical plans. The candidate will be responsible for providing comprehensive solutions to complex problems or needs through interactions between internal and external partners ensuring external parties comply with security policies. The candidate will possess extensive technical or functional knowledge in third party risk management, information security, business continuity, and governance. Ability to analyze and interpret security problems and drive problems to closure. #### Position Requirements: Certifications: VCP-Security and VMware, Certified Advanced Professional - Cloud Management and Automation Design VMware Certified Advanced Professional - Data Center Virtualization Deploy, CISSP. Requires in-depth knowledge of ISO 27001 and SOC2 Type 2 compliance. Requires experience and architectural level expertise in hybrid Cloud Architectures and operations. Requires experience with SecdevOps, IaC and architectural level expertise with configuration management tools and platforms. Analysis of cloud architectures, deployments and managed services and to make recommendations on proper security controls. Aid with creation of reference cloud security architectures and security design patterns. Aid in the advancement of cloud specific controls in processes and documentation. Identify process improvement opportunities and possible optimization/automation solutions. Identify and escalate potential policy gaps and enhancements that adapt to changing risk postures. Willingness to actively participate in team discussions and knowledge-sharing. Ability to communicate and work with global cross functional internal and external teams. Effective verbal and written communications. Proficiency in English and Mandarin is a plus Ability to analyze and interpret security problems and drive problems to closure. Qualifications: 5-8 years of experience in information security. 5-8 years of broad knowledge of information security technologies, techniques, and processes. At minimum 3 years hands on work with one or more major IaaS providers. Experience with systems or application architectures. Experience with IaC, SecDevOps. Strong communications both written and verbal with the ability to present control topics to a broad audience. Self-starter with an ability to navigate and collaborate. Effectively within a geographically complex and dispersed global corporation. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.