Lenovo

Position Description:

Lenovo Infrastructure Solutions Group’s, Server development team is looking for Senior UEFI and  Security Architect to provide the technical security leadership to global server development teams, suppliers, industry partners, and business leaders for maintaining a high-level of security in the products we provide to our customers.  This is a new position, joining an established team of UEFI and security architects, working an expanding product portfolio and supporting the business’ evolving firmware and security needs.

Primary responsibilities:

This is inherently an expansive product design and security role, with the ideal candidate being able to multi-task, adapt, and service diverse UEFI and security needs as they emerge.  These diverse needs will require the candidate to have a broad security knowledge base to draw from, and rapidly develop deeper expertise as required.  Secure server design, Secure product life-cycle and architectural analysis are focus areas. This role is well suited to candidates that thrive on wide-ranging tasks and challenges, with each day holding the potential for solving new problems, learning new things, or working with new teams, suppliers, partners, or technologies. 

Representative responsibilities include:

• Serving as a security subject matter expert and technical leader to internal and external product teams, suppliers, partners, security researchers, and business leaders
• Help with Design and standards choices on all Lenovo UEFI products
• Working with cross-functional leadership to align product UEFI and security with continually evolving business and market needs and expectations
• Leading architectural analysis projects
• Researching, designing, developing, and implementing security best practices, standards, requirements, architectures, tools, tactics, procedures, training materials, etc.
• Assessing products and related processes and architectures for compliance with best practices, standards, and requirements, developing corrective action plans where necessary, and working with stakeholders to successfully implement those plans
• Evaluating product security designs, emerging security technologies, and systems
• Researching, developing, and/or customizing security tools and libraries
• Driving secure development lifecycle initiatives
• Supporting the Product Security Office and Security Architectural Review Board
• Supporting product sales efforts and demonstrating product security thought leadership, such as via customer briefings, originating security-related collateral, giving conference presentations, etc.
• Supporting aspects of Lenovo’s Trusted Supplier Program, special projects, contract reviews, etc.

Position Requirements

Basic Qualifications:

Seven-plus (7+) years of broad experience in application, network, and system security, including:

• UEFI development experience.
• Architecting secure products and solutions
• Assessing and analyzing security architectures for deficiencies and formulating corrective actions via threat modeling, security baseline analysis, security requirements/architectural reviews, final security reviews and recommendations, etc.
• Originating security processes, standards, and requirements
• Integrating security into agile and waterfall development methodologies for enhanced security and efficiency, including concepts such as shift left, shift everywhere, and security as code
• Good understanding and working experience with: TCP/IP, including using and securing fundamental networking protocols such as TCP, UDP, ICMP, DNS, HTTP, and SSH; and Operating Systems and Virtualization environments, including Windows, Linux, and VMware

Preferred Skills and Experience:

• Secure coding and development, including the ability to read and understand modern programming or scripting languages
• Work in or around Data Center environments, including experience securing enterprise-class server, storage, and networking hardware
• Maturing secure software development lifecycles
• Working with geo-diverse teams across different time zones
• Strong collaboration skills over application sharing platforms and teleconferencing
• Technical consulting background

Key Personal Traits:

• Self-motivated and results driven, able to effectively work independently or as part of a team, and able to motivate and cultivate collaborative relationships
• Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way
• A strong technical leader to internal and external teams, suppliers, and partners, with the ability to persuade and influence
• A critical thinker and problem solver, who is naturally curious and a consummate learner
• A good communicator, capable of clearly explaining and documenting security needs
• Able to navigate sometimes contentious situations and successfully resolve conflicts with respect and professionalism
• Adept at multi-tasking and achieving results in a high-pressure environment while adapting to fluid business demands