Security Analyst II, SOC Tier III Cloud Security

Lowe's Inc.
Mooresville, NC

The Information Security Analyst II, SOC Tier III Cloud Security Analyst position is responsible for detecting and assessing cyber security events and incidents across the Lowe’s environment. The Analyst works among a team of skilled technicians to address complex or difficult problems as needed within a 24x7 Security Operations Center (SOC) environment. The Analyst also is responsible for implementing new processes and procedures as identified by the IRT (Incident Response Team) and the SOC Leadership to ensure the continuous improvement to monitoring, detection and mitigation capabilities. The analyst will also have shared responsibility for cloud platform information security, to include assessing platform capabilities, leveraging available security functionality and tools, and supporting efforts to manage monitoring and incident response. This will include implementation of Security Information and Event Management (SIEM) logic/rule/alert development for Lowe’s cloud and allied business monitoring and incident response initiatives. The incumbent will have shared responsibility for validating that tools and processes are effectively supporting security incident logging and monitoring objectives, and for validating the proper creation of actionable cyber security events and incidents across the Lowe’s cloud and allied business environment.

Essential Responsibilities:

  • Monitors security information and event management (SIEM) and logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises
  • Assists with triage of service requests from customers and internal teams
  • Escalates cyber security events according to Lowe’s Incident Response Plan
  • Assists with containment of threats and remediation of environment during or after an incident
  • Documents event analysis and writes comprehensive reports of incident investigations
  • Collaborate with technical teams to identify, resolve, and mitigate events
  • Research and assess the security capabilities and functionality of new or existing cloud platforms, and perform gap and/or integration analysis as needed
  • Recommend specific tools and processes to maximize monitoring and response capability
  • Support logging and collection of security event data and transmission to technology components for security incident analysis
  • Ensure the completeness and accuracy of security event data by ongoing monitoring of log sources
  • Work with SOC Tier III analysts to develop and test monitoring and alerting use cases and maintain documentation
  • Apply best practices in the development of on premise and cloud-based security alerts based on both OEM and in-house developed detection logic
  • Assist with the configuration of SIEM tools to analyze security event data, detect suspicious activity, and alert on potential security incidents
  • Monitor for decommissioned, irrelevant or obsolete log sources
  • Use of native cloud platform security tools and management consoles
  • Participate in threat hunting and cyber threat intelligence initiatives

Functional Competencies:

  • Intermediate knowledge of Splunk, and knowledge of syslog and Windows/Azure/O365/GCP event log formats
  • Basic knowledge of Microsoft cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring. Understanding of security log/event import/export capabilities, i.e. push or pull to SIEM
  • Basic knowledge of Google cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring. Understanding of security log/event import/export capabilities, i.e. push or pull to SIEM
  • Basic knowledge of Amazon cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring. Understanding of security log/event import/export capabilities, i.e. push or pull to SIEM
  • Basic knowledge of Prisma Cloud (RedLock), to include knowledge of all feature sets applicable to security event detection and monitoring
  • Basic understanding of scripting/query languages applicable to log search and analytics
  • Intermediate understanding of Windows and Unix security: OS lockdown; logging and monitoring; application security; user access
  • Intermediate knowledge of perimeter protection principles: understanding the rules of network communication
  • Intermediate understanding of intrusion detection and analysis methods
  • Intermediate understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity

REQUIRED EDUCATION/EXPERIENCE:
H.S. Diploma with 6+ years of relevant experience. Two or more years of experience as a Security Analyst or equivalent. One or more of the following Information Security certifications: CISSP, CISM, CISA, CRISC. Analytical / problem solving skills. Ability to communicate effectively with both technical and non-technical personnel. Knowledge of infrastructure (networks and servers), services and security policies. Ability to work in a team environment.
Or
Bachelor's Degree in Computer Science or related field with 4 years of relevant experience. Two or more years of experience as a Security Analyst or equivalent. One or more of the following Information Security certifications: CISSP, CISM, CISA, CRISC. Analytical / problem solving skills. Ability to communicate effectively with both technical and non-technical personnel. Knowledge of infrastructure (networks and servers), services and security policies. Ability to work in a team environment.

PREFERRED EDUCATION/EXPERIENCE:
Bachelor's Degree in Computer Science or related field with 4 years of retail experience in an Information Technology related area
About Lowe’s:
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 18 million customers a week in the United States and Canada. With fiscal year 2019 sales of $72.1 billion, Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports its hometown Charlotte region and all communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.

About Lowe’s in the Community
As a FORTUNE® 50 home improvement company, Lowe’s is committed to creating safe, affordable housing and helping to develop the next generation of skilled trade experts through nonprofit partnerships. Across every community we serve, Lowe’s associates donate their time and expertise through the Lowe’s Heroes volunteer program. For the latest news, visit Newsroom.Lowes.com or follow @LowesMedia on Twitter.
Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.