Security Analyst III, SOC Tier III, Forensics & Reverse Engineering

Lowe's Inc.
Mooresville, NC

Purpose of Role:
The Information Security Analyst III, SOC Tier III, Forensics & Reverse Engineering will serve as a Subject Matter Expert (SME) for the Security Operations Center (SOC) primarily for advanced incident monitoring and response support, threat intelligence, threat hunting, attack surface management and investigations support, to include assessing platform capabilities, leveraging available security functionality and tools, and supporting efforts to manage monitoring and incident response. The incumbent will have shared responsibility for validating that tools and processes are effectively supporting security incident logging and monitoring objectives, and for validating the proper creation of actionable cyber security events and incidents across the Lowe’s cloud and allied business environment. The Analyst works among a team of skilled technicians to address complex or difficult problems as needed within a 24x7 SOC environment, with a focus on advanced incident forensics, static/dynamic malware analysis and malware reverse engineering. The Analyst also is responsible for following processes and procedures as identified by SOC Leadership to ensure the continuous improvement to monitoring, detection and mitigation capabilities.

Essential Responsibilities:

  • SME on security incident forensics (host, network and preferably cloud environments) and malware analysis and reverse engineering.
  • SME on cyber threat intelligence, threat hunting, attack surface management and investigations.
  • Develops products and reports that can be sent for awareness to various groups and levels of leadership.
  • Supports threat hunting, threat intelligence, attack surface management and investigations process monitoring and improvement.
  • Recommends specific tools and processes to maximize cyber security monitoring and response capability.
  • Supports logging and collection of security event data and transmission to technology components for security incident analysis.
  • Ensure the completeness and accuracy of security event data by ongoing monitoring of log sources.
  • Work with other SOC Tier III analysts to develop and test monitoring and alerting use cases and maintain documentation.
  • Apply best practices in the development of on-premises and cloud-based security alerts based on both OEM and in-house developed detection logic.
  • Assist with the configuration of SIEM tools to analyze security event data, detect suspicious activity, and alert on potential security incidents.
  • Escalates cyber security events according to Lowe’s Incident Response Plan, as needed.
  • Collaborates with technical teams to identify, resolve, and mitigate information security events.
  • Regularly works to reduce the attack surface of the organization by assessing risks, threats and vulnerabilities and implementing solutions or countermeasures.
  • Maintain an awareness of information security news and trends.

Functional Competencies:

  • Intermediate to advanced knowledge of Splunk, and knowledge of syslog and Windows/Azure/O365/GCP event log formats
  • Functional to intermediate knowledge of Microsoft cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring. Understanding of security log/event import/export capabilities, i.e. push or pull to SIEM
  • Functional to intermediate knowledge of Google cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring. Understanding of security log/event import/export capabilities, i.e. push or pull to SIEM
  • Advanced understanding of Windows and Unix security: OS lockdown; logging and monitoring; application security; user access
  • Functional knowledge of cloud forensics, auditing, incident investigation, threat hunting and threat intelligence applications
  • Intermediate to advanced knowledge of host and network forensics, auditing, incident investigation, threat hunting and threat intelligence applications
  • Intermediate to advanced knowledge of perimeter protection principles: understanding the rules of network communication
  • Advanced understanding of intrusion detection and analysis methods, to include malware analysis and reverse engineering
  • Advanced understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity
  • Intermediate to advanced knowledge of SOC runbooks, SOPs and knowledge management functions
  • Basic to Intermediate knowledge of Security Orchestration, Automation and Response platforms

REQUIRED EDUCATION/EXPERIENCE
H.S. Diploma with 8+ years of relevant experience. Four or more years' experience as a Security Analyst or equivalent. One or more of the following Information Security certifications: CISSP, CISM, CISA, CRISC. Analytical / problem solving skills. Ability to articulate business risks and communicate effectively with both technical and non-technical personnel. Knowledge of core Information Security concepts related to Governance, Risk, and Compliance. Broad knowledge of infrastructure (networks and servers), services, and security policies. Ability to work in a team environment, as well as act independently and exercise good judgment. Ability to prioritize and manage multiple tasks.
OR
Bachelor's Degree in Computer Science or related field with 6 years of relevant experience. Four or more years' experience as a Security Analyst or equivalent. One or more of the following Information Security certifications: CISSP, CISM, CISA, CRISC. Analytical / problem solving skills. Ability to articulate business risks and communicate effectively with both technical and non-technical personnel. Knowledge of core Information Security concepts related to Governance, Risk, and Compliance. Broad knowledge of infrastructure (networks and servers), services, and security policies. Ability to work in a team environment, as well as act independently and exercise good judgment. Ability to prioritize and manage multiple tasks.

PREFERRED EDUCATION/EXPERIENCE
Bachelor's Degree in Computer Science or related field with 6 years of "Retail" experience in an Information Technology related area.

About Lowe’s:
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 18 million customers a week in the United States and Canada. With fiscal year 2019 sales of $72.1 billion, Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports its hometown Charlotte region and all communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.


About Lowe’s in the Community:
As a FORTUNE® 50 home improvement company, Lowe’s is committed to creating safe, affordable housing and helping to develop the next generation of skilled trade experts through nonprofit partnerships. Across every community we serve, Lowe’s associates donate their time and expertise through the Lowe’s Heroes volunteer program. For the latest news, visit Newsroom.Lowes.com or follow @LowesMedia on Twitter.


Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.