Jobs · Information Technology · North Carolina

Product Security Engineer – PSIRT

Lenovo · North Carolina, United States · 6 days ago
Information Technology$83/hrFull-time

Responsibilities

  • Independently own end-to-end handling of product security vulnerabilities, from intake through remediation and disclosure
  • Perform hands-on technical investigation and validation of reported issues across software, firmware, and system components
  • Drive cross-functional coordination with development teams to ensure timely and effective remediation
  • Draft security advisories, clearly communicating risk and mitigation to customers
  • Assign and manage CVE, CWE, and CVSS scoring for vulnerabilities
  • Engage with external security researchers, customers, and partners, supporting coordinated vulnerability disclosure (CVD)
  • Identify opportunities to automate vulnerability triage, analysis, and reporting workflows, including use of scripting or AI-based approaches
  • Contribute to PSIRT tooling, automation, and process improvements to support scale and efficiency
  • Monitor external sources and industry channels for vulnerabilities impacting Lenovo products
  • Partner with global stakeholders to ensure consistent PSIRT execution across regions

Qualifications

  • Bachelor’s degree or equivalent experience
  • 5+ years of experience in software engineering, cybersecurity, or a related technical field
  • Experience in at least one of the following areas: PSIRT or vulnerability response, secure software development, vulnerability management or security operations
  • Experience performing technical security investigations or triage
  • Experience with scripting or automation (e.g., Python or similar)
  • Strong written and verbal communication skills
  • Experience working in a PSIRT or coordinated vulnerability disclosure (CVD) environment
  • Software development background, particularly in application or system-level components
  • Experience with bug bounty programs or security research
  • Familiarity with application security concepts and common vulnerability classes
  • Experience building or leveraging automation, tooling, or AI-driven workflows
  • Strong understanding of vulnerability management processes, especially when paired with development experience
  • Familiarity with CVE, CVSS, CWE, and vulnerability disclosure practices
  • Understanding of product ecosystems (e.g., firmware, OS, drivers, applications)

Similar jobs

Product Security Engineer

Origami RiskUnited States· 1 wk ago
RemoteInformation Technology$117k–$146k/yrapply on careers-origamirisk.icims.com