Motorola Mobility, a Lenovo Company, is seeking a Product Security Engineer to join their Product Security Incident Response Team (PSIRT). The role involves managing product security vulnerabilities, conducting technical investigations, and collaborating with cross-functional teams to ensure effective remediation.
Responsibilities:
- Independently own end-to-end handling of product security vulnerabilities, from intake through remediation and disclosure
- Perform hands-on technical investigation and validation of reported issues across software, firmware, and system components
- Drive cross-functional coordination with development teams to ensure timely and effective remediation
- Draft security advisories, clearly communicating risk and mitigation to customers
- Assign and manage CVE, CWE, and CVSS scoring for vulnerabilities
- Engage with external security researchers, customers, and partners, supporting coordinated vulnerability disclosure (CVD)
- Identify opportunities to automate vulnerability triage, analysis, and reporting workflows, including use of scripting or AI-based approaches
- Contribute to PSIRT tooling, automation, and process improvements to support scale and efficiency
- Monitor external sources and industry channels for vulnerabilities impacting Lenovo products
- Partner with global stakeholders to ensure consistent PSIRT execution across regions
Requirements:
- Bachelor's degree or equivalent experience
- 5+ years of experience in software engineering, cybersecurity, or a related technical field
- Experience in at least one of the following areas: PSIRT or vulnerability response, Secure software development, Vulnerability management or security operations
- Experience performing technical security investigations or triage
- Experience with scripting or automation (e.g., Python or similar)
- Strong written and verbal communication skills
- Experience working in a PSIRT or coordinated vulnerability disclosure (CVD) environment
- Software development background, particularly in application or system-level components
- Experience with bug bounty programs or security research
- Familiarity with application security concepts and common vulnerability classes
- Experience building or leveraging automation, tooling, or AI-driven workflows
- Strong understanding of vulnerability management processes, especially when paired with development experience
- Familiarity with CVE, CVSS, CWE, and vulnerability disclosure practices
- Understanding of product ecosystems (e.g., firmware, OS, drivers, applications)
- 5+ years of software engineering, cybersecurity, software development, vulnerability management, security operations, and/or technical experience