Your Impact

The primary purpose of this role is to complete key tactical activities, implementation, and ongoing delivery of information security tools and processes. This includes responsibility for creating and executing. And improving processes and procedures with limited direct guidance from more lead-level security associates.

This role solves complex problems while creating and optimizing processes and often takes a lead role in implementing new services and technologies.

The individual in this role has a strong understanding of most tools and processes supported by the team, including many of the key integration points with other parts of Technology. He/she works mostly independently and occasionally provides coaching and direction to more junior-level associates on the team.

• Analyze data to detect trends, make recommendations, and provide reporting.
• Manage activities to assess adherence to the information security processes supported.
• Answer questions from associates about the information security processes supported; handle more complex questions/issues elevated from other analysts on the team.
• Identify opportunities for process improvements and make recommendations for best practices.
• Serve as an escalation point and mentor for junior staff.
• Contribute to and help maintain process documentation repositories.
• Develop standard operating procedures; identify and suggest possible improvements on procedures.
• Collaborate with management to determine information security metrics and lead the collection of information security metrics.
• Maintains an awareness of information security news and trends.
• Consolidate security-related findings track OKRs and present results to information security and business leaders and/or vendors.
• Research current technologies to assist in the development of new capabilities and recommend solution options.
• Translate and document business needs into technical requirements and solutions.
• Advise users and team members on the execution of processes, interpret standards and regulations, and assist with solutions.
• Implement frameworks and tools and manage assessments of applications and business processes to help Lowe's integrated security services.
• Assist with the training and development of analysts as needed.
• Provide mentoring and guidance to analysts; may provide feedback and direction on specific tasks.

• Detect and assess cyber security events and incidents across the Lowe's environment.
• Work with technicians to address complex or difficult problems as needed within a 24x7 Security Operations Center (SOC) environment.
• Implement new processes and procedures as identified by the IRT (Incident Response Team) and the SOC Leadership to ensure the continuous improvement of monitoring, detection, and mitigation capabilities.
• Monitor security incident and event management (SIEM) and logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises.
• Assist with security incident response process monitoring and improvement.
• Document event analysis and write comprehensive reports of security incident investigations.
• Assist with the triage of information security service requests from customers and internal teams.
• Escalate cyber security events according to Lowe's Incident Response Plan.
• Collaborate with technical teams to identify, resolve, and mitigate information security events.
• Recommend specific tools and processes to maximize monitoring and response capability.
• Research and assess the security capabilities and functionality of new or existing Onprem/cloud platforms and perform gap and/or integration analysis as needed.
• Assist with the configuration of SIEM tools to analyze security event data, detect suspicious activity, and alert on potential security incidents.
• Ensure the completeness and accuracy of security event data by ongoing monitoring of log sources.

• Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or a related field (or equivalent work or military experience in a related field).
• 4 years of experience in information security.
• Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).

• IT experience in the retail industry

• Relevant information security certifications (e.g., CISSP, GCIH, Security+, GCDA, CEH, CYSA+, BTL1)
  
  Security Operations Center (SOC):

• Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work).
• Basic knowledge of Microsoft and Google Cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring.
• Intermediate understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity.
• Intermediate knowledge of SOC runbooks, SOPs, and knowledge management functions.
• Intermediate knowledge of threat intelligence, threat hunting, attack surface management, and investigations support functions.
• Experience with malware analysis.
• Experience as a team leader or incident coordinator.
• Knowledge of attack vectors, threat actors, and mitigation techniques.

• Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.
• Lowe's supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub
• Most business meetings are planned around the Eastern time zone.