Lenovo is looking to solve the problem of securing its CI/CD pipelines and ensuring the security of its products and infrastructure by implementing DevSecOps tools and processes.
Requirements
- Experience with tools such as Wiz, Snyk, Contrast, Coverity, Checkmarx, Fossa, JFrog, Jenkins, Jira, Confluence, and Bitbucket.
- Demonstrated experience implementing and configuring SAST, DAST, IAST, fuzzing, and RASP tools in a CI/CD pipeline.
- Experience working with developers and as a developer.
- Experience guiding large software projects from design to deployment with security in mind.
- Experience threat modeling software projects.
- Technical certifications such as Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified Kubernetes Security Specialist (CKS).
- In-depth knowledge of public cloud providers, especially AWS.
Responsibilities
- Implement, integrate, and maintain tools with your team and other business units.
- Identify areas for improvement in our CI/CD pipelines.
- Research and recommend new tools, processes, and techniques.
- Perform cybersecurity control and risk assessments of proposed and existing product and infrastructure architecture for compliance with Lenovo Requirements and international cloud security best practices, recommending technical, administrative, and physical remediations and mitigations for identified risks and vulnerabilities.
- Develop service security and compliance requirements for SaaS multi-tenant systems.
- Design and develop cloud security architectures and perform architecture design reviews.
Other
- Bachelor’s degree in a relevant field or equivalent relevant experience
- 5+ years of cybersecurity experience
- 3+ years of DevSecOps experience
- Ability to successfully work across regions and functions to solve problems and get things done
- Strong written and verbal communications and interpersonal skills