Lead Engineer, Information Security

Lowe's Companies, Inc. Mooresville , NC 28117

Posted 2 months ago

Job Description:

JOB DESCRIPTION: Position based in Mooresville, NC, some teleworking may be permitted. Travel to Lowe's offices may be required.

Serve as a technical expert for project teams throughout the implementation and maintenance of assigned information security solutions; defines and oversees the documentation of detailed standards (e.g., guidelines, processes, procedures). Educate others on current architectural standards and guidelines to drive efficiency in the design and implementation of information security solutions. Resolve complex problems spanning multiple applications to drive overall improvements in security across systems and applications.

Assist the Information Security team in monitoring security systems, reviewing logs, and managing information security systems. Analyze system vulnerability scans, penetration tests and risk assessments; works with business units to resolve identified vulnerabilities within established SLAs. Design and leads internal and external penetration validation testing to ensure that computer systems are up to date relative to all operating systems, patches, and virus protection software.

Facilitate effective collaboration with other technology teams including Engineering to design and implement remediation solutions. Identify, report, and lead technical support activities during information security incidents as part of an Incident Response Team; reviews and responds to security alerts to investigate malicious activity. Lead the technical evaluation of new security technologies that address both current and future needs based on emerging threats and industry trends.

Keep up to date with exploits relevant to the retail sales environment; researches possible preventative measures. Solve complex cross-functional architecture/design and business problems; solutions are extensible; works to simplify, optimize, remove bottlenecks, etc. Mentor and advises others, sharing an in-depth understanding of company and industry methodologies, policies, standards, and controls.

Make recommendations to Business and Technology leadership to ensure alignment of infrastructure applications and data with current and future security standards. Respond to escalated security issues for enterprise systems; facilitates advanced diagnosis and troubleshooting when necessary.

JOB REQUIREMENTS: Job requires a Bachelor's Degree in Computer Science, CIS, Engineering or a related field and 7 years of experience in technology system support, software development or a related field.

Must have prior experience in:

  • 6 years of experience working with Project(s) involving the implementation of solutions applying development life cycles (SDLC).

  • 5 years of experience with Information security applications and systems including Next Gen Firewalls (Cisco ASA/FTD, Palo Alto, Fortinet Firewalls), BigIP F5 and Citrix NetScaler Application Delivery Controllers, Websense, Zscaler, Cisco WSA and CWS Proxy, Cisco WLC Lan controllers, Routers and Switch Security, FireEye IDS/IPS. Performed Tenable Nessus Scanning and Vulnerability assessments.

  • 4 years of experience with:

  • Database technologies leveraging Microsoft SQL and Microsoft Access;

  • Designing application pipelines with secure configuration parameters to remove or reduce known threat vectors using Jenkins CICD Pipeline leveraging Ansible and Yaml; and

  • Evaluating complex application and hosting environments to identify potential weaknesses and provide remediation plans to reduce risk.

  • 3 years of experience with DevOps experience.

  • 1 year of experience with Cloud technologies including GCP and AWS.

Qualified applicants should email cvr ltr & resume to: lowescareer@lowes.com. Reference #3337553



icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Sr Information Security Engineer

Electric Power Research Institute

Posted 6 days ago

VIEW JOBS 1/15/2022 12:00:00 AM 2022-04-15T00:00 Job Title: Sr Information Security Engineer Location: Charlotte, NC, Remote/Home Based Job Summary and Description: Key Responsibilities: Assist the management of Information Security and when assigned, take the lead in the development, implementation, verification and enforcement of security policies and guidelines. Lead as assigned the development and maintenance of documentation that details our security environment, including but not limited to device build documents, policy documentation, topology diagrams, technical standards, operational procedures and troubleshooting how to's. Identify and mitigate vulnerabilities and attacks within the EPRI computing environment. Research, design, and lead implementation of new methods and technologies that may be applicable to securing EPRI while meeting applicable security policies and standards Research new threats, attacks and vulnerabilities that may affect the EPRI computing environment to learn how to identify and react to them. Assists in responding to audits, in the remediation of findings and validation of remediation from various testing and assessments. Install and configure new computer security packages. Install, update and configure security devices and other hardware used in the protection of EPRI computing environment. Assist the management of Information Security in technical support issues, investigations and risk assessment. Troubleshoot and resolve security related computer or network problems. Respond to end users request involving security related computing or networking problems. Consult with end users regarding their secure computing needs, making recommendations for new products and solutions. Lead as assigned other technical resources within Information Technology services and resources across the sectors at EPRI to ensure security is factored into the evaluation, selection, installation and configuration of hardware and software solutions. Continue to be educated on new and emerging security risks and technologies that effect EPRI's computing environment. Assist in the development of new security architectures. Co-ordinate EPRI's endpoint protection and participate in any required incident response. Mobile device security support. Perform penetration assessments against web applications produced, managed, or related to EPRI. Assume leadership role over assigned projects. Assist in the development of the Information Security team through direct mentorship of junior technical resources. Review applications in accordance with OWASP Application Security Verification Standard (ASVS). Education and Experience: Bachelor's degree or equivalent experience desired. 6-12 year's technical experience in related fields (information security, computers, telecom, networking, etc.). Strong knowledge of the Windows operating systems (Workstation & Server). Strong knowledge of other OSs (Apple, UNIX, Linux). Working knowledge of various security tools such as EPP, EDR, vulnerability management, threat intelligence, application assessment, etc. Working knowledge of SIEM solutions and Soc operations Working knowledge of forensic toolkits and virus/malware response. Working knowledge of at least 3 for the following scripting languages: a) Python, b) Perl, c) Linux/Unix Shell script, d) Java, e) PowerShell or f) C. Strong knowledge of TCP/IP and related Internet and network protocols. Strong knowledge of firewalls, IPS, IDS, HIPS, VPN, TLS/SSL, terminal servers, RAS and DNS. Strong knowledge of PCAP analyzation for troubleshooting and traffic identification. Knowledge of various network switches, routers, hubs, etc. Expert knowledge of browsers and exploit methods. Skills and Attributes: Motivated self-starter Committed to continuous education through formal and informal professional development Operates with discretion and confidentiality as appropriate Strong written and verbal communication Functions well in a team environment EPRI participates in E-Verify, an online system operated jointly by the Department of Homeland Security and the Social Security Administration (SSA). EPRI uses the system to check the work status of new hires by comparing information from the employee's I-9 form against SSA and Department of Homeland Security databases. Note: To ensure compliance with U.S. export controls, please indicate your U.S. citizenship or (for foreign citizens) your U.S. visa/immigration status in your resume or cover letter. EPRI is an equal opportunity employer. EEO/AA/M/F/VETS/Disabled Together . . . Shaping the Future of Electricity. www.epri.com Electric Power Research Institute Mooresville NC

Lead Engineer, Information Security

Lowe's Companies, Inc.