Lead Engineer, Information Security
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 18 million customers a week in the United States and Canada. With fiscal year 2019 sales of $72.1 billion, Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports its hometown Charlotte region and all communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.
The primary purpose of this role is to provide application security consulting to digital channel software development resources and advance information security tooling and services. This includes providing assistance with software development related SOC efforts, assessing application and service security, modeling threats, and providing engineering leadership for pertinent security solutions. To be successful in this role, an individual must be an expert in OWASP security concepts, have the ability to lead security solution deployments, and facilitate development touchpoints.
• Participate in SOC and Threat Intelligence efforts by providing secure software analysis to determine threat impact and risk.
• Assess pertinent applications and services to determine security risk.
• Model potential application security threats and mitigations.
• Provide code, design, and architecture consultation on identified application and service security risks.
• Participate in defining secure code, design and architecture best practices.
• Leads the technical evaluation of new security technologies that address both current and future needs based on emerging threats and industry trends.
• Provides technical leadership in engineering efforts related to impacting security solutions.
• Facilitates and leads development integration efforts for in-house and COTS security solutions.
• Support Vulnerability Management efforts in reviewing security defects and providing remediation consulting to development teams.
• Assist development teams and Vulnerability Management with the prioritization of application security defects.
• Resolves complex problems spanning multiple applications to drive overall improvements in security across systems and applications.
• Assists the Information Security team in monitoring security systems, reviewing logs, and managing information security systems.
• Responds to escalated security issues for enterprise systems; facilitates advanced diagnosis and troubleshooting when necessary.
• Serves as a technical expert for project teams throughout the implementation and maintenance of assigned information security solutions; defines and oversees the documentation of detailed standards (e.g., guidelines, processes, procedures).
• Bachelor’s degree in Computer Science, CIS, Engineering, Cybersecurity, or related field
• 7 years of experience in technology system support, software development or a related field
• 5 years of experience with information security applications and systems
• 4 years of experience in database technologies
• 6 years of experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
• 3 years of DevOps experience
• 1 year of experience with Cloud technologies
• 4 years of experience designing application pipelines with secure configuration parameters to remove or reduce known threat vectors
• 4 years of experience evaluating complex application and hosting environments to identify potential weaknesses and provide remediation plans to reduce risk
• 5 years of experience designing complex application and infrastructure systems to identify and recommend cybersecurity mitigations in either code or additional infrastructure items (WAF, FW, etc.)
• 6 years of experience working with diverse application and infrastructure environments to identify and provide technical guidance on threat reduction at both the application and supporting infrastructure layer
• Master’s degree in Computer Science, CIS, or related field
• Prior experience in leading security product deployment, integration, and operational efforts
• Experience facilitating vendor security product requests for engineering requirements, enhancements, maintenance, and configuration
• Working knowledge of WAF and API gateway concepts and products
• Detailed knowledge of and experience in implementing OWASP Top 10 secure coding practices