Senior SOC Engineer, Cloud Security
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving more than 18 million customers a week in the United States, Canada and Mexico. With fiscal year 2017 sales of $68.6 billion, Lowe’s and its related businesses operate or service more than 2,390 home improvement and hardware stores and employ over 310,000 people. Founded in 1946 and based in Mooresville, N.C., Lowe’s supports the communities it serves through programs that focus on K-12 public education and community improvement projects. For more information, visit Lowes.com.
The Senior SOC Engineer, Cloud Security will serve as the senior and leading dedicated Subject Matter Expert (SME) for the Security Operations Center (SOC) for all aspects of cloud platform information security, to include assessing platform capabilities, leveraging available security functionality and tools and leading efforts to manage monitoring and incident response. This will include implementation of Security Information and Event Management (SIEM) logic/rule/alert development for Lowe’s cloud and allied business monitoring and incident response initiatives.
The incumbent will have shared responsibility for validating that tools and processes are effectively supporting security incident logging and monitoring objectives and for validating the proper creation of actionable cybersecurity events and incidents across the Lowe’s cloud and allied business environment. The engineer works among a team of skilled technicians to address complex or difficult problems as needed within a 24×7 SOC environment. The engineer is also responsible for following processes and procedures as identified by SOC Leadership to ensure continuous improvement of monitoring, detection and mitigation capabilities.
• Research and assess the security capabilities and functionality of new or existing cloud platforms and perform gap and/or integration analysis as needed.
• Recommend specific tools and processes to maximize monitoring and response capability.
• Engineer logging and collection of security event data and transmission to technology components for security incident analysis.
• Ensure the completeness and accuracy of security event data by ongoing monitoring of log sources.
• Work with SOC Tier III analysts to develop and test monitoring and alerting use cases and maintain documentation.
• Apply best practices in the development of on-premises and cloud-based security alerts based on both OEM and in-house developed detection logic.
• Assist with the configuration of SIEM tools to analyze security event data, detect suspicious activity and alert on potential security incidents.
• Remove decommissioned, irrelevant or obsolete log sources.
• Validate logging system field extractions and correct as needed.
• Use native cloud platform security tools and management consoles.
• Develop log aggregation system alerts and searches across instances, including allied businesses.
• Escalate cybersecurity events according to Lowe’s Incident Response Plan, as needed.
• Collaborate with technical teams to identify, resolve and mitigate events.
• Develop products and reports that can be sent for awareness to various groups and levels of leadership.
Education and experience:
• Bachelor’s Degree in related field and 6 years of experience in Information and Network Security or 8 years of IT experience to include 2 years of Information and Network Security.
• Strong technical, analytical, interpersonal, communication and writing skills.
• Strong verbal and written communication skills with ability to work in a team.
• Basic understanding of fundamental security and network concepts (operating systems, intrusion detection, TCP/IP, ports, etc.).
• Willingness to work in a team-oriented 24/7 SOC environment and flexibility to work a rotating schedule (including occasional shift work).
• Retail experience in the Information Technology Industry.
• One or more of the following certifications: CompTIA Security, GIAC Global Information Assurance Certification from SANS Institute, Microsoft, Cisco, Splunk, IBM QRadar and/or other relevant certifications.
• Previous experience working in a Security Operations Center (SOC) environment.
• Experience with log aggregation and security event generation activities.
Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.