Security Tool Integration Engineer - Job at Lenovo in Raleigh, NC

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology for all, so we spend our time building a society that’s brighter and more inclusive.

And we go big. No, not big—huge.

We’re not just a Fortune 500 company, we’re one of Fortune’s Most Admired. We’re in 180 countries, working with 63,000 brilliant colleagues and counting. And we’re known for the world’s most complete portfolio of smart technology, from devices to software to infrastructure.

With our ingenuity, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

Who You’ll Work With
At Lenovo, we manufacture one of the world’s widest portfolios of connected products, including PCs (ThinkPad, Yoga, Lenovo Legion), tablets, smartphones and workstations as well as augmented and virtual reality (Mirage, ThinkReality) and smart home/office solutions. We are also building an innovative portfolio of software and services which are changing the industry. Lenovo is creating the capacity and computing power for the connections that are changing business and society.

About Our Team
We are searching for a Security Development Engineer in the Security Center of Excellence for PC and Smart Devices business (PCSD). This is an exciting role where you will apply your application development skills to help build and maintain a security management portal for managing security assessments, vulnerability tracking, and other processes critical to the delivery of secure products to our customers. You’ll work with an international team of product security professionals and will have the opportunity to learn about the high-demand field of cybersecurity. The web portal is developed using PHP, so knowledge of the language and development frameworks, such as ThinkPHP, is required. Familiarity with frontend development technologies, such as HTML, CSS and JavaScript will be needed, as will knowledge of backend technologies like MySQL, Apache and Nginx.

What You'll Do
• Lead development of the existing web portal to meet new requirements from security engineers, project managers, users, and stakeholders
• Ensure that the security portal meets the needs of the security team while they perform reviews, as well as development teams and project managers who will consume the results of the reviews.
• Oversee deployment and maintenance of the portal into an on-premise cloud infrastructure
• Serve as a bridge between the multiple security teams across the globe, ensuring that requirements of all teams are met. • Integrate a variety of DevSecOps tools output with the Lenovo Global Security Lab portal using the DevSecOps Tools native APIs to help automate security team processes and tasks.

Basic Qualifications:
Bachelor’s degree in Computer Science, Computer Engineering or related field
5+ years relevant experience; or master's degree
3+ years relevant experience; or equivalent experience 3+ years software development experience with Java, Python and PHP web applications
3+ years experience in secure software development and software security testing

Preferred Qualifications:
Experience with PHP development Familiarity with ThinkPHP or similar development framework
Experience with frontend development, including HTML, CSS and JavaScript Knowledge of backend technologies, including databases, MySQL, Apache and Nginx
Strong written and verbal communication skills – this role requires communicating with stake holders, users, project managers, and security engineers, as well as communicating with diverse and global teams
Familiarity with Atlassian APIs for Jira and Confluence for importing existing datasets
Familiarity with a wide range of security testing tools
Extensive knowledge of software security vulnerability mitigation & remediation techniques
Strong understanding of general secure development practices: code review, static analysis, dynamic analysis, and tools for SAST, DAST, IAST, Threat Modeling, etc.
Extensive knowledge of OWASP security practices and tools
Familiarity with a variety of DevSecOps tools Testing Automation Experience
Extensive experience with CVSS, CVE, CWSS, CWE software vulnerability and software weakness scoring
Experienced with Agile development methodology, processes and tools
Mandarin Fluency
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.