Internet Storm Center

Job Description

This position is for a AI Security Automation / DevSecOps Engineer in the Security Center of Excellence for the Global PC and Smart Devices Business (PCSD). This is an exciting role where you will be working with a global team of development engineers and security professionals. You will work with multiple business units and DevOps teams to implement, configure and administer AI and DevSecOps tools in CI/CD pipelines and other parts of the product security review process. You will be working alongside the best security teams in the industry. You’ll be keeping up to date with the latest DevSecOps technology and trends and you’ll have the opportunity to make a big impact on the largest PC company in the world. You should be known for taking the initiative to do what needs to be done. You must have excellent organizational skills and you should thrive in a fast-paced environment with multiple partners and projects

You’ll be researching how AI can integrate with our current processes and tools as well as researching tools that can review and secure products utilizing AI. You’ll be researching and recommending the latest AI technologies to ensure Lenovo’s products remain as secure as possible. You’ll work closely with other BU teams assisting in implementing and maintaining security tools and processes. You’ll ensure that proper metrics are in place to show improvements in our processes and to identify gaps.

In Summary you will:

Research AI tools and develop integration solutions and efficiencies with existing tools and processes to assist with product security reviews.
Identify tools and new developments that assist teams with reviews of products that use AI, e.g. Guardrails, etc.
Implement, Integrate, and Maintain tools with your team and other BUs.
Identify areas of improvement to our CI/CD pipelines.
Research and recommend new AI tools, processes, and techniques.
Collect and report on KPIs and other metrics.
Ensure Lenovo stays a leader in AI tools, techniques, and processes.

Position Requirements


Basic Qualifications:

Bachelor’s degree in a relevant field or equivalent relevant experience
3+ years of cybersecurity experience
1+ years of DevSecOps experience
Knowledge of Artificial Intelligence.
Knowledge of public cloud providers.
Experience with implementing and maintenance DevSecOps tools.

Preferred Qualifications:

Strong written and verbal communications and interpersonal skills
Ability to work independently as well as function as an integral part of a team, take initiative and ownership in a fast-paced environment
Ability to successfully work across regions and functions to solve problems and get things done
Experience leveraging AI in security review processes.
Experience with Contrast, Anchore, WiZ, Coverity, Checkmarx, Defensics, Synk, Fossa, jFrog, Jenkins, Jira, Confluence, and Bitbucket etc..
Experience with SAST, DAST, IAST and RASP tools and implementing them in a CI/CD pipeline.
Experience working with developers and as a developer.
Knowledge of Agile processes.
Experience implementing new solutions and tools.
Experience implementing and recording appropriate metrics to reflect an accurate picture of progress to management.
Ability to successfully work across regions and functions to solve problems and get things done
ISC2 Certifications such as Certificated Information System Security Professional (CISSP), and Certified Cloud Security Professional (CCSP)
SANS Certifications such as GIAC Cloud Security and DevSecOps Automation (GCSA), and GIAC Cloud Penetration Tester (GCPN).
Public Cloud Provider certifications such as AWS Solutions Architect, AWS Certified Security Specialty, Microsoft Certified: Azure Solutions Architect Expert, Microsoft Certified: Azure Security Engineer Associate, and GCP: Professional Cloud Architect.