The Information Security Analyst II, SOC Tier III Threat Intel Analyst will serve as a Subject Matter Expert for the Security Operations Center (SOC) cyber threat intelligence program and will assist the threat intelligence lead and SOC analysts. In addition to ingesting and processing intelligence, the analyst will be actively detecting and assessing cyber security events and incidents across the Lowe’s environment. The Analyst works among a team of skilled technicians to address complex or difficult problems as needed within a 24x7 SOC environment. The Analyst also is responsible for following processes and procedures as identified by SOC Leadership to ensure the continuous improvement to monitoring, detection and mitigation capabilities.
Essential Responsibilities:
- Monitors security incident and event management (SIEM) and logging environments for security events and alerts to potential (or active) threats, intrusions, and/or compromises
- Assists with triage of service requests from customers and internal teams
- Escalates cyber security events according to Lowe’s Incident Response Plan
- Assists with containment of threats and remediation of environment during or after an incident
- Documents event analysis and writes comprehensive reports of incident investigations
- Collaborates with technical teams to identify, resolve, and mitigate events
- Assists with complex, sensitive incident response activities
- Performs intelligence analysis using analytical tradecraft methods
- Acts as a participant during Cyber Hunt activities
- Identifies threats, trends, and new developments in threats to retail by analyzing raw intelligence and data
- Identifies and monitors the Tactics, Techniques, and Procedures (TTPs) employed by cyber threat actors
- Reviews all current threat intelligence feeds in use, categorizes and prioritizes by relevancy
- Supports a domain name monitoring regimen
- Supports the RH-ISAC threat sharing process for Lowe’s, to include sharing of Lowe’s information and ingestion/deduplication/processing of RH-ISAC information and regular monitoring of and interaction with RH-ISAC resources
- Supports ad-hoc threat intelligence work parcel assignments for Tier I/II analysts and reviews/expands the SOC daily recurring activity SOP’s
- Supports Insider Threat program development, to include monitoring external forums and correlating with internal forums and operationalizing the data
- Supports the development of log aggregation system alerts and searches across instances, including allied businesses
- Furthers the development of a cyber threat intelligence fusion center
- Strong understanding of retail fraud operations
- Provides and assists with finished intelligence analysis to various groups and levels of leadership through written reporting of varied depth on short deadlines, with minimal supervision
- Supports Data Loss Prevention efforts
- Supports ongoing development of Threat Intelligence Platform
- Expands analysis and hunting efforts into allied businesses
- Supports forensic efforts
- Correlates the MITRE ATT&CK framework to threat actors
Functional Competencies:
- Intermediate understanding of Windows and Unix security: OS lockdown; logging and monitoring; application security; user access
- Intermediate knowledge of perimeter protection principles: understanding the rules of network communication
- Intermediate knowledge of methods used to secure systems exposed to the internet and common tools to simplify the task
- Intermediate understanding of intrusion detection and analysis methods
- Intermediate understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity
- Intermediate knowledge of and experience with cyber threat intelligence activities
REQUIRED EDUCATION/EXPERIENCE: H.S. Diploma with 6+ years of relevant experience. Two or more years' experience as a Security Analyst or equivalent. One or more of the following Information Security certifications: CISSP, CISM, CISA, CRISC. Analytical / problem solving skills. Ability to communicate effectively with both technical and non-technical personnel. Knowledge of infrastructure (networks and servers), services and security policies. Ability to work in a team environment.
Or
Bachelor's Degree in Computer Science or related field with 4 years of relevant experience. Two or more years' experience as a Security Analyst or equivalent. One or more of the following Information Security certifications: CISSP, CISM, CISA, CRISC. Analytical / problem solving skills. Ability to communicate effectively with both technical and non-technical personnel. Knowledge of infrastructure (networks and servers), services and security policies. Ability to work in a team environment.
PREFERRED EDUCATION/EXPERIENCE: Bachelor's Degree in Computer Science or related field with 4 years of retail experience in an Information Technology related area
About Lowe’s:
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 18 million customers a week in the United States and Canada. With fiscal year 2019 sales of $72.1 billion, Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports its hometown Charlotte region and all communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.
About Lowe’s in the Community
As a FORTUNE® 50 home improvement company, Lowe’s is committed to creating safe, affordable housing and helping to develop the next generation of skilled trade experts through nonprofit partnerships. Across every community we serve, Lowe’s associates donate their time and expertise through the Lowe’s Heroes volunteer program. For the latest news, visit Newsroom.Lowes.com or follow @LowesMedia on Twitter.
Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.