Lead Threat Modeling Architect - Job at Lenovo in Raleigh, NC

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology for all, so we spend our time building a society that’s brighter and more inclusive.

And we go big. No, not big—huge.

We’re not just a Fortune 500 company, we’re one of Fortune’s Most Admired. We’re in 180 countries, working with 63,000 brilliant colleagues and counting. And we’re known for the world’s most complete portfolio of smart technology, from devices to software to infrastructure.

With our ingenuity, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

About Our Team
We are searching for a Lead Threat Modeling Architect in the Security Center of Excellence for PC and Smart Devices business (PCSD). This is an exciting role where you will be leading the Threat Modeling team that supports our global development teams. You will be working alongside some of the best security teams in the industry.

What You'll Do
• Leads threat modeling training, workshops, and collaborative sessions for a wide array of products and services.
• Partner with multiple international development teams across business units gaining in-depth knowledge of many products in order to design threat models and security architecture solutions for them in order to reduce the attack surface and lower the risk profiles of our products.
• Lead training for global development teams related to threat modeling techniques and our threat modeling tools so that they become partners with the security organization to create, review and maintain threat models for products.
• Champion threat modeling practices within the development teams, promoting best industry practices.
• Develop meaningful metrics for threat modeling and use them to track improvements made to the cybersecurity posture of our product lines.
• Remain current in the latest security technologies, methodologies and best practices, especially as it relates to threat modeling.

Basic Qualifications:
• Bachelor's degree or above in cyber security or a related discipline.
• 3+ years of experience creating, maintaining and reviewing threat models for application development teams, leading threat modeling activities.
• 3+ years experience in Security Architecture assessments of all types
• 3+ years experience with threat modeling practices, tools and techniques.

Preferred Qualifications:
• 7+ years of experience creating, maintaining and reviewing threat models for application development teams, leading threat modeling activities.
• In-depth knowledge of security concepts and design techniques relating to cloud/web application, IOT, client and mobile applications
• Proficiency in software development practices, release planning, and quality assurance.
• Proficient in STRIDE analysis method.
• Expert-level skills with the Threat Modeler Tool.
• Practical experience in Secure Development Lifecycle, DevSecOps.
• Familiarity with security and privacy frameworks, standards and regulations like GDPR, CCPA, CSA STAR, ISO 27000 series, NIST, etc.
• Strong learning ability, strong self-drive, good adaptability and passion for security.
• Strong communication skills in English
• Multiple Industry security certifications such as CISSP, CCSLP, SANS-GGWEB ( or other SANS certs) desired.
• Mandarin and English Fluency
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.