Product Security Engineer – PSIRT

Posted 2 hours ago
Lenovo
We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$83 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.

In this role, you will work as part of Lenovo’s Product Security Incident Response Team (PSIRT). You will be responsible for supporting the end-to-end response to product security vulnerabilities, including technical investigation, driving remediation with product teams, and publishing security advisories to customers.

This role operates as an experienced individual contributor, capable of independently handling complex vulnerability cases while collaborating across global teams. Candidates may come from PSIRT, software development, vulnerability management, or security research backgrounds, with a strong emphasis on application-level security and the ability to automate and scale workflows.

Responsibilities

  • Independently own end-to-end handling of product security vulnerabilities, from intake through remediation and disclosure
  • Perform hands-on technical investigation and validation of reported issues across software, firmware, and system components
  • Drive cross-functional coordination with development teams to ensure timely and effective remediation
  • Draft security advisories, clearly communicating risk and mitigation to customers
  • Assign and manage CVE, CWE, and CVSS scoring for vulnerabilities
  • Engage with external security researchers, customers, and partners, supporting coordinated vulnerability disclosure (CVD)
  • Identify opportunities to automate vulnerability triage, analysis, and reporting workflows, including use of scripting or AI-based approaches
  • Contribute to PSIRT tooling, automation, and process improvements to support scale and efficiency
  • Monitor external sources and industry channels for vulnerabilities impacting Lenovo products
  • Partner with global stakeholders to ensure consistent PSIRT execution across regions

Qualifications

  • Bachelor’s degree or equivalent experience
  • 5+ years of experience in software engineering, cybersecurity, or a related technical field
  • Experience in at least one of the following areas:
    • PSIRT or vulnerability response
    • Secure software development
    • Vulnerability management or security operations
  • Experience performing technical security investigations or triage
  • Experience with scripting or automation (e.g., Python or similar)
  • Strong written and verbal communication skills
  • Experience working in a PSIRT or coordinated vulnerability disclosure (CVD) environment
  • Software development background, particularly in application or system-level components
  • Experience with bug bounty programs or security research
  • Familiarity with application security concepts and common vulnerability classes
  • Experience building or leveraging automation, tooling, or AI-driven workflows
  • Strong understanding of vulnerability management processes, especially when paired with development experience
  • Familiarity with CVE, CVSS, CWE, and vulnerability disclosure practices
  • Understanding of product ecosystems (e.g., firmware, OS, drivers, applications)
Basic Requirements

  • 5+ years of software engineering, cybersecurity, software development, vulnerability management, security operations, and/or technical experience

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.

Login to Apply Now

Recommended Jobs

Security Analyst

Posted 22 minutes ago

CyberSecurity Architect

Posted 46 minutes ago

AWS Cloud Security Engineer

Posted 46 minutes ago

Cyber Engineer

Posted 1 hour ago