Vacancy expired!
- Conducts internal and external Penetration Tests using proprietary and open-source tools to identify vulnerabilities and exposure within Lowe's systems and applications
- Assist in developing methodologies for continuous enhancements to red teaming methods and processes
- Performs Hands-On Penetration Tests and Red Team assessments of Lowe's enterprise and its infrastructure
- Performs network penetration, web and mobile application testing, source code reviews
- Develops, researches, and maintains proficiency in tools, techniques, countermeasures, and vulnerabilities trends ranging from data compromise/destruction, covert communications, encryption attacks
- Prescribes cybersecurity best practices techniques to address weaknesses in cyber assets and combat sophisticated threats against those assets
- Analyzes data to detect trends, make recommendations, and provide reporting, defines reporting requirements for standard reports
- Leads activities to assess adherence to the information security processes supported
- Answers questions from associates about the information security processes supported; handles more complex questions/issues elevated from other analysts on the team Designs and facilitates process optimization initiatives
- Serves as an escalation point and mentor for junior staff for the most complex support problems
- Maintains process documentation repositories; ensures information is compiled in a thorough and organized manner
- Leads efforts to develop standard operating procedures; identifies and incorporates improvements on procedures based on best practices and industry trends
- Collaborates with management to determine information security metrics and leads the collection of information security metric
- Maintains an awareness of information security news and trends
- Consolidates security-related findings, tracks KPIs, and presents results to information security and business leaders and/or vendors
- Researches current technologies to assist in the development of new capabilities and recommends solution options
- Advises users and team members on the execution of complex processes, interprets standards and regulations, and assists with solutions
- Creates and optimizes frameworks and tools and leads assessments of applications and businesses processes to help Lowe's integrate security services
- Provides direction, coaching, and training to more junior level analysts to ensure that they have the knowledge and tools needed and to assist them with complex task
- Mentors and advises others, sharing an in-depth understanding of the company and industry methodologies, policies, standards, and controls
- Facilitates cross-functional (security, technology, business) teams to solve complex problems
- Provides insight and consultation to help ensure new and existing security solutions are developed with insight into industry best practices, strategies, and architectures
- Makes recommendations for process or technology changes
- Develops tools or processes to operationalize/improve workflows
- Partners with senior key stakeholders to develop and/or update Information Security documents such as policies, standards, procedures, training
- Bachelor's degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field
- 6 years of experience in information security
- Advanced understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)
- Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
- 5+ years penetration testing experience
- 3+ years functioning as a lead on security engagements
- Ability to analyze and write technical reports
- 3+ years of programming or scripting language (python, java, bash, powershell)
- Familiarity with vulnerability management and penetration testing tools operating system internal functions.
- Ability to present/defend positions and build consensus with technical/non-technical personnel across different agencies/organizations.
- Ability to translate vulnerabilities into remediation efforts and work with relevant teams
Vacancy expired!