Sr Analyst, Information Security

Job Summary The primary purpose of this role is to lead the implementation and ongoing delivery of information security tools and processes. This includes responsibility for creating, executing and improving processes and procedures with limited direct guidance from more senior level security associates. This role solves complex problems while creating and optimizing processes and often takes a lead role in implementing new services and technologies.The individual in this role has a strong understanding of most tools and processes supported by the team, including many of the key integration points with other parts of Technology. He/she works mostly independently and occasionally provides coaching and direction to more junior level associates on the team.With a focus specifically on Identity & Access Management, this role focuses on delivering timely, accurate, and controlled system access for the Lowe's global workforce. This includes creating and maintaining processes, tools, controls and governance mechanisms such as roles, reports, metrics and issue resolution servicesWith a focus specifically on the Security Operations Center (SOC), this role supports Tier I and II functions within a 24x7 SOC environment, helping to implement new processes and focusing on a range of standard to complex security issues. This includes activities aimed at detecting and assessing cyber security events and incidents across the Lowe's environment.With a focus specifically on Security Threat & Vulnerability, this role executes processes focused on vulnerability identification or remediation. This includes information security and risk activities such as oversight of vulnerability assessments and remediation programs serving both internal and external stakeholders.With a focus specifically on Security Governance, Risk and Compliance, this role completes activities that help drive awareness and adherence to information security policies and standards. Tasks include collecting and reviewing metrics, monitoring programs for compliance, and performing risk assessments, and working with others to implement appropriate controls.Qualifications Minimum Qualifications • Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)• 4 years of experience in information security• Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.) Preferred Qualifications • IT experience in the retail industry• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)Identity & Access Management• Experience with IAM technology implementation and operations (e.g., CA, Sailpoint, OKTA, SSO, MFA, IGA, Microsoft AD) (specific to Identity & Access Management role)Security Operations Center (SOC)• Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work) (specific to Security Operations Center role)• Intermediate knowledge of Microsoft and Google cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring (specific to Security Operations Center role)• Intermediate understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity (specific to Security Operations Center role)• Basic knowledge of SOC runbooks, SOPs and knowledge management function (specific to Security Operations Center role)• Basic knowledge of threat intelligence, threat hunting, attack surface management and investigations support functions (specific to Security Operations Center role)• Basic knowledge of Microsoft and Google cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring (specific to Security Operations Center role)• Previous experience working in a Security Operations Center (SOC) environment (specific to Security Operations Center role)• Experience with malware analysis (specific to Security Operations Center role)• Experience as a team leader or incident coordinator (specific to Security Operations Center role)Security Threat & Vulnerability• Intermediate knowledge of threat intelligence, threat hunting, attack surface management and investigations support functions (specific to Security Threat & Vulnerability role)• Highly experienced in the understanding of the output from cybersecurity scanning technologies to include operating systems, Custom Code, Web-based vulnerability analysis, 3rd party installed and hosted applications, cloud-hosted compute platforms, and microservices (specific to Security Threat & Vulnerability role)• Demonstrated understanding of internal security controls, assess risks and identify opportunities for improvement (specific to Security Threat & Vulnerability role)• Highly experienced with information security concepts related to Threat and Vulnerability Management, system architecture and Internet technology (specific to Security Threat & Vulnerability role)• Expertise in Vulnerabilities (OS, application, custom code, configuration, etc.) and associated risks (specific to Security Threat & Vulnerability role)• Knowledge of attack vectors, threat actors, and mitigation techniques (specific to Security Threat & Vulnerability role)Security Governance, Risk & Compliance• 2 years of experience developing Cybersecurity or information assurance policies, standards, awareness training, or equivalent issuances (specific to Security Governance, Risk & Compliance role)• 2 years of experience conducting assessments or technical reviews to analyze risk (specific to Security Governance, Risk & Compliance role)• Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management (specific to Security Governance, Risk & Compliance role)• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen) (specific to Security Governance, Risk & Compliance role)• Experience conducting information security risk assessments of vendors and vendor software (specific to Security Governance, Risk & Compliance role)About Lowe's:Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 19 million customer transactions a week in the United States and Canada. With fiscal year 2021 sales of over $96 billion, Lowe's and its related businesses operate or service nearly 2,200 home improvement and hardware stores and employ over 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. ForEEO StatementLowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.Pay Range for CA, CO, NJ, NY, WA: $70,700.00 - $170,000.00 annually Pay Range for CA, CO, NJ, NY, WA: $70,700.00 - $170,000.00 annually