Your Impact
The primary purpose of this role is to support the implementation and ongoing delivery of information security tools and processes. This includes responsibility for executing and improving processes and procedures with occasional guidance from more senior-level security associates.
This role solves moderately complex problems while completing both tactical and non-tactical activities in support of the successful delivery of assigned information security processes.
The individual in this role continues to grow his/her understanding across the various tools and processes supported by the team, including the key integration points with other parts of Technology. He/she receives occasional guidance and direction from more senior-level associates on the team.

• Analyze data to detect trends, make recommendations, and provide reporting.
• Help assess adherence to the information security processes supported.
• Answer questions from associates about the information security processes supported.
• Document current-state business processes and opportunities for automation.
• Attempt to resolve problems and then escalate problems as necessary to appropriate resources (e.g., support team, vendor).
• Contribute to and help maintain process documentation repositories.
• Help develop standard operating procedures; identify and suggest possible improvements on procedures.
• Collaborate with management to determine information security metrics and help with the collection of information security metrics.
• Maintain an awareness of information security news and trends.
• Help consolidate security-related findings, track OKRs, and present results to information security and business leaders and/or vendors.
• Research current technologies to assist in the development of new capabilities.
• Translate and document business needs into technical requirements and solutions.

• Support the execution of processes and procedures in areas that include Identity & Access Management, security policies, standards and controls creation and management, compliance management, risk management, training, and vulnerability assessment and remediation.
• Support IAM services including account lifecycle management, application onboarding, access governance, and privileged access management.
• Complete intermediate-complexity account lifecycle management, application onboarding to the IAM services, provisioning, access governance, role-based access creation, privileged access governance, and end-user support for IAM and access-related service issues.
• Fulfill information security request intake requests for services, access, and information.
• Conduct assessments of applications and business processes to help Lowe's manage security risks.
• Work on several information security request intake processes.
• Distribute provisioning workloads for execution and manage the status of the fulfillment process.
• Define business and technical requirements for applications that will be included in centralized provisioning processes using enterprise standard technology platforms.

• Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or a related field (or equivalent work or military experience in a related field).
• 2 years of experience in information security.
• Basic understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).

• IT experience in the retail industry
• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)

• Experience with IAM technology implementation and operations (e.g., CA, Sailpoint, OKTA, SSO, MFA, IGA, Microsoft AD).
• Security Operations Center (SOC)
  Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work).
• Basic knowledge of Microsoft and Google Cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring.
• Basic understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity.
• Basic knowledge of Microsoft and Google Cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring.
• Previous experience working in a Security Operations Center (SOC) environment.
• Experience with malware analysis.

• Basic knowledge of threat intelligence, threat hunting, attack surface management, and investigations Code, support functions.
• General understanding of the output from cybersecurity scanning technologies to include operating systems, Custom Web-based vulnerability analysis, 3rd party installed and hosted applications, cloud-hosted compute platforms, and microservices.

• 1 year of experience developing Cybersecurity or information assurance policies, standards, awareness training, or equivalent issuances.
• 1 year of experience conducting assessments or technical reviews to analyze risk.
  Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management.
• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen).
• Experience conducting information security risk assessments of vendors and vendor software.

• Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.
• Lowe's supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub
• Most business meetings are planned around the Eastern time zone.