Lenovo

Come be a part of the next generation of Managed Services and Solutions for the Lenovo Industry Solutions Unit (ISU)! Lenovo is looking for an extraordinary Security Architect. If you have practical and strategic experience implementing security architectures, tools, practices, processes, and strategies, and know-how to collaborate with a geographically distributed team, then let’s talk about your next career opportunity! You’ll be a member of an organization with a vision to deliver exceptional experiences for our customers. 

The ISU Security Architect will secure the Lenovo ISU solution offerings and managed services by determining requirements; planning, implementing, evaluating and testing solutions to meet security requirements; preparing security standards, policies, and procedures; mentoring team members. 
This role will work with Lenovo’s ISU R&D team, DevOps, Cloud Ops, and security teams across Lenovo to reduce risk and to deliver highly-secure solutions.  The ISU Security Architect will think strategically and execute tactically on complex problems that span different  IT and operational technology.  

Core to the ISU mission is bringing new solution offerings to market. The ISU security architect will assess solutions, that are internally developed and/or provided by third parties, to ensure the solutions follow best security practices and comply with Lenovo security policies. 

 
Responsibilities: 

• Design and help implement cloud and application security architectures for all of Lenovo ISU solutions and managed service offerings 
• Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues 
• Drive security architecture for managed services and solution designs (e.g., credential management, access provisioning, authentication and authorization, data security, network security, device security, application security, infrastructure security, security monitoring, and operations security) 
• Maintain security posture by overseeing and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting internal and external training programs 
• Accountable for effective internal partnerships with peer Lenovo security teams to guarantee design, implementation, and compliance of the managed service 
• Communicate cloud, application and device risks to both technical and non-technical audiences to ensure the appropriate solutions and recommendations are identified 
• Lead the security assessment and validation of internally developed solutions that will be offered commercially to Lenovo customers. 
• Manage and validate the security risk of external partner solutions and assist in onboarding and integration of those solutions including detailed assessment of partner corporate and product security policies, practices, software and hardware implementations, integrations, and use of open source software. 

You will be a great fit if you have: 

• BS in Computer Science, Electrical Engineering, Physics, or Mathematics and 9+ years in information technology 
• 5+ years  of information technology security solutions architecture experience, designing complex, multi-layered solutions in global, distributed environments 
• 3+ years in cloud-based environments (AWS, GCP, Azure, etc.) including SaaS, Pass, and IaaS technologies 
• One or more security certifications such as CISSP, CCSP, CSSLP, CEH, OCSP, Security+ 
• Experience with secure DevSecOps and Secure Development Lifecycle (SDLC) 
• Experience threat modeling edge devices and/or IoT systems 
• Experience with native security controls in AWS, GCP, and/or Azure 
• Experience with micro-service/deployment architectures such as Docker and Kubernetes 
• Experience leading secure code development and review 
• Experience operating as a self-starter/solo SME working in a fast-paced, environment.  Start-up experience highly desired in addition to enterprise-level roles 
• Excellent communications, time management, and interpersonal skills 

Preferred Qualifications and Certifications 

• Master’s Degree or equivalent preferred 
• CISSP certification 
• AWS, Azure or Google Cloud Certified 
• Experience applying NIST and IoT Security Frameworks 
• Experience with software maturity models such as BSIMM and/or Open SAMM 
• Experience in deploying IoT solutions