SANS ISC: InfoSec Jobs - SANS Internet Storm Center InfoSec Jobs

Sr Penetration Tester
Company: Lenovo
Location: Morrisville, NC
Preferred GIAC Certifications: GCPN, GCFE, GCIH, GPEN, GWAPT, GREM, GXPN
Travel: 10%
Salary: Not provided
Contact Name: Anonymous
Contact Email: donotemail/at/
Expires: 2022-06-09

Job Description

What You’ll Do:

This position is for a penetration testing lead in the Security Center of Excellence for the Global PC and Smart Device Business Unit (PCSD). This is an exciting role that will give you the opportunity to work with product teams around the globe to perform penetration tests on PCSD’s many products. You will be working alongside the best security teams in the industry. This role will be responsible for leading pen testing for PCSD products sold around the world. This will include scoping and planning pen tests with the development teams and then leading execution of those pen tests. You’ll report findings, produce reports and work with the development and security teams to resolve the issues you and your team members find. Other members of the security team will work with you to assess the overall security and privacy risk of the products you are testing. You’ll stay up to date with the industry’s latest techniques and tools. This role will be testing a variety of products and will be well versed in cloud, client, IoT and hardware penetration testing.

As a lead member of the team, you’ll be mentoring and coaching other members of your immediate team. You will be researching new penetration tools and techniques. This position will be keeping metrics and KPIs to track the team’s performance over time, ensuring that growth, improvements, and gaps are accurately communicated to management. You’ll work with development teams to coordinate penetration tests and ensure that products are tested within an appropriate time frame. As a team leader, you will be assisting in communicating the priority and risk of both your and other team members’ security findings to development teams. You will have excellent organizational and communication skills, ensuring that development teams, other security team members and management are well informed of the penetration testing team’s activities. You will ensure the team is using documented, standard and appropriate penetration testing methodologies.


Perform penetration tests on PCSD’s Cloud, Client, IoT and hardware products
Work with development and security teams to find and explain security issues, suggest mitigations, and ensure they are mitigated.
Stay up to date on the latest testing tools and techniques to ensure both you and the teams are using the most effective methods.
Coach and mentor other members of the penetration teams.
Ensure proper KPIs and metrics are being recorded.
Schedule penetration tests for product development teams.

Basic Qualifications:

Bachelor’s degree in a relevant field or equivalent relevant experience
5+ years of cybersecurity experience
3+ years of experience in penetration testing
2+ years of acting in a team lead capacity
2+ years of mentoring and coaching others in technical roles.

Preferred Qualifications:

Strong written and verbal communications and interpersonal skills
Ability to work independently as well as function as an integral part of a team, take initiative and ownership in a fast-paced environment
Ability to successfully work across regions and functions to solve problems and get things done
Master’s Degree or equivalent experience in a relevant field
Experience with penetration testing and diagnostic tools such as Burp Suite, Kali Linux, tcpdump, Wireshark, nmap, fuzzing tools, code analysis tools, DAST tools, Metasploit, etc.
Knowledge of Agile processes
Experience working in a development environment.
Experience building Red / Purple teams.
SANS certifications such as GIAC Cloud Penetration Tester (GCPN), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Incident Handler (GCIH), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Reverse Engineering Malware (GREM), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
EC-Council certifications such as Certified Ethical Hacker (ANSI or Practical)
Offensive Security certifications such as Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Web Expert (OSWE), Offensive Security Exploit Developer (OSED), and Offensive Security Exploitation Expert (OSEE)
Industry security certifications such as CISSP, Security+, etc.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.
Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two doses of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.