Staff Researcher - App Sec Expert

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.

Lenovo Digital Trust Lab is seeking an Application Security Expert focused on securing AI-driven applications across Lenovos hybrid AI ecosystem. This role combines classic application security expertise (web, mobile, APIs) with deep knowledge of LLM-powered interfaces, agent integrations, and AI-native threat models.

You will assess, design, and implement controls for AI applicationscovering prompt-based interactions, model APIs, multi-agent workflows, and integrations with enterprise services. Beyond assessments, you will also partner with developers to embed security by design, enforce trust boundaries, and evolve secure coding practices for AI-enhanced systems.

Job Responsibilities

• Perform application security reviews for AI applications, including LLM-based user interfaces, agent tool integrations, and API gateways.
• Conduct threat modeling and penetration testing for AI applications, identifying risks such as prompt injection, model misuse, API abuse, and data leakage.
• Design and enforce authentication, authorization, and session management controls for AI-native interactions.
• Collaborate with AI researchers and product teams to integrate input/output validation, content moderation, and guardrails into applications.
• Contribute to policies, standards, and best practices for AI application security across the organization.
  
  

• B.Sc. or M.Sc. in Computer Science, Cybersecurity, or related technical field.
• 5+ years of experience in Application Security / AppSec Engineering.
• Strong background in web/mobile/API security
• Hands-on experience with penetration testing tools and secure development frameworks.
• Familiarity with AI/ML application architectures (LLM APIs, orchestration frameworks, embedding pipelines).
  
  

• Experience with AI-specific security risks: prompt injection, data leakage, jailbreak attacks, adversarial inputs.
• Knowledge of agentic AI frameworks (LangChain, AutoGen, Semantic Kernel, etc.) and related risks.
• Familiarity with cloud security controls for AI services (AWS, Azure, GCP AI platforms).
• Experience in content filtering, policy enforcement, or guardrail frameworks (NeMo Guardrails, Llama-Guard, etc.).