Job Details

ID #17316118
State North Carolina
City Charlotte
Job type Permanent
Salary USD TBD TBD
Source Lowes Home Improvement
Showed 2021-07-26
Date 2021-07-25
Deadline 2021-09-23
Category Security
Create resume

Application Security Engineer, WAF

North Carolina, Charlotte, 28201 Charlotte USA

Vacancy expired!

Job Summary:

The primary purpose of this role is to provide application security consulting to digital channel software development resources and advance information security tooling and services. This role will primarily focus on web application security controls, including web application firewall (WAF) and BOT mitigation strategies. The successful candidate should have a strong understanding of web application attack vectors, implementing WAF/Bot policies to mitigate threats, and effectively communicating WAF/Bot strategies to stakeholders.

Key Responsibilities:
  • Serve as a hands-on subject matter expert for WAF and BOT mitigation
  • Provide analysis for WAF/ BOT mitigation designs and implementation plans
  • Research website and API traffic telemetry and determine appropriate WAF/ BOT mitigation
  • Analyze WAF/ BOT attack traffic to assess security risk, derive severity, and set mitigation priority
  • Participate in planning efforts and implement incremental WAF/ BOT threat identification and mitigation improvements
  • Participate in SOC and threat intelligence tasks providing security consulting
  • Participate in and execute technical evaluations of pertinent new security technologies addressing emerging threats and industry trends
  • Participate in modeling potential Digital application security threats and mitigations
  • Deliver and resolve complex engineering problems spanning multiple applications to drive overall improvements in security across systems and applications
  • Assist the Information Security team in monitoring and managing security systems and reviewing logs
  • Respond to escalated security engineering issues for enterprise systems; facilitate and troubleshoot when necessary
  • Serve as a security engineering resource for project teams throughout the implementation and maintenance of assigned information security solutions; contribute to the definition and governance of security documentation (e.g. guidelines, processes, procedures)
  • Support Vulnerability Management efforts in reviewing security defects and providing remediation consulting to development teamsAssist development teams and Vulnerability Management with the prioritization of application security defects

Minimum Qualifications:
  • Bachelor's degree in Computer Science, CIS, Engineering, Cybersecurity, or related field (or equivalent work or military experience in a related field)
  • 2 years of experience in technology system support, software development or a related field
  • 1 year of experience with information security applications and systems
  • 1 year of experience in database technologies
  • 1 year of experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
  • 2 years of experience analyzing the output of industry-standard cybersecurity tools and identifying remediations to reduce risk and exposure of applications

Preferred Qualifications:
  • Working knowledge of WAF and BOT concepts and products (e.g. Akamai Kona/ BOT-Manager, Fastly Cloud WAF, Google Cloud Armor, etc.)
  • Knowledge of browser security headers (e.g. CSP, HSTS, etc.)
  • Experience implementing web application firewalls for e-Commerce sites
  • Knowledge of API security gateway concepts and products (Apigee, Layer 7, DataPower, etc.)
  • Experience in delivering security product deployments, integration, and operational efforts
  • Experience facilitating vendor security product requests for engineering requirements, enhancements, maintenance, and configuration
  • Familiarity with OWASP Top 10 and/or SANS Top 25
  • Familiarity with one or more of the following development languages: Java, Python, JavaScript/Node.js, GO, PHP
  • Familiarity of Magecart style attacks and mitigation solutions

About Lowe's:Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 20 million customers a week in the United States and Canada. With fiscal year 2020 sales of nearly $90 billion, Lowe's and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ over 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.

About Lowe's in the Community:As a FORTUNE® 50 home improvement company, Lowe's is committed to creating safe, affordable housing and helping to develop the next generation of skilled trade experts through nonprofit partnerships. Across every community we serve, Lowe's associates donate their time and expertise through the Lowe's Heroes volunteer program. For the latest news, visit Newsroom.Lowes.com or follow @LowesMedia on Twitter.

Lowe's is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.

Vacancy expired!

Subscribe Report job