AI Product Security Engineer
Why Work at Lenovo
Description and Requirements
Description
In this role you will work in the Lenovo Product Security Office as part of the Product Security Incident Response Team (PSIRT). The Product Security Engineer will be responsible for assisting with Lenovo's response to product security vulnerabilities, including technical analysis, driving remediation by product teams, and publishing security advisories to communicate mitigation instructions to customers. This role will also drive Lenovo’s vulnerability response efforts for AI security vulnerabilities. Other responsibilities include driving improvements in PSIRT tooling and automation.
Responsibilities:
- Perform hands-on investigation to confirm reported security issues in Lenovo products
- Adapt PSIRT processes to support AI security vulnerability response
- Investigate opportunities to leverage AI to drive PSIRT efficiencies
- Support PSIRT security advisory publication processes
- Assign CVE, CWE, and CVSS scoring for vulnerabilities
- Communicate regularly with internal stakeholders, suppliers, customers, and security researchers
- Set direction, drive improvements and provide oversight for PSIRT tooling and automation
- Engage with the PSIRT community through FIRST.org SIGs and MITRE CVE Program
Basic Qualifications:
- Bachelor’s degree or equivalent experience
- 5+ years’ experience working in a technical environment
- Bring a passion to learn and stay on top of cyber security threats and trends
- Excellent oral and written communication skills
- General understanding of AI, application, network, and system security
- Basic ability to read and understand C, C++, C#, Java, Python, or other types of development languages
Preferred Qualifications:
- 3+ years’ experience working in a software development or DevOps role
- Prior working experience with AI technologies
- Prior experience with Python and web frameworks
- Strong organizational skills with attention to detail and ability to multi-task
- Strong sense of task ownership, and persistence to execute processes from beginning to end
- Familiarity with cybersecurity threats, countermeasures, and issues
- Good understanding of the Lenovo organization and ability to successfully work across regions and functions to solve problems and get things done
- Familiarity with Lenovo product lines and PC, data center, and mobile product ecosystems