Engineer, Information Security- Digital Applications
Lowe's
- Charlotte, NC
- Permanent
- Full-time
- Serve as a Hands-on subject matter expert for WAF, BOT mitigation, and script mitigation tooling
- Provide analysis for WAF/BOT mitigation designs and implementation plans
- Research website and API traffic telemetry and determine appropriate WAF/BOT mitigation
- Analyse WAF/BOT attack traffic to assess security risk, derive severity, and set mitigation priority
- Participate in planning efforts and implement incremental WAF/BOT threat identification and mitigation improvements
- Analyse script alerting to assess security risk, derive severity, and set mitigation priority
- Participate in SOC and threat intelligence tasks providing security consulting
- Participate in and execute technical evaluations of pertinent new security technologies addressing emerging threats and industry trends
- Participate in modelling potential Digital Application security threats and mitigations
- Facilitate, deliver and support integration engineering efforts for Digital in-house, COTS and SaaS security solutions
- Deliver and resolve complex engineering problems spanning multiple applications to drive overall improvements in security across systems and applications
- Assist the Information Security team in monitoring and managing security systems and reviewing logs
- Respond to escalated security engineering issues for enterprise systems, facilitate and troubleshoot when necessary
- Serve a security engineering resource for project teams throughout the implementation and maintenance of assigned information security solutions, contribute to the definition and governance of security documentation (e.g. guidelines, processes, procedure)
- Bachelors Degree in Computer Science, CIS, Engineering, Cybersecurity, or related field (or equivalent work experience in a related field)
- 2 Years of experience in technology system support, software development or a related field
- 1 Year of experience with information security applications and systems
- Relevant information security certifications (e.g. CISSP, CISM, CEH, GPen)
- Information Technology experience in the retail industry
- Knowledge of information security practices and policies
- Knowledge of IT Infrastructure Library (ITIL) framework
- Knowledge of WAF and BOT concepts and solutions
- Knowledge of browser security headers (e.g. CSP, HSTS, etc.)
- Knowledge of API security gateway concepts
- Experience in delivering security product deployments, integrations, and operational efforts
- Experience facilitating vendor security product requests for engineering requirements, enhancements, maintenance, and configuration
- Familiarity with OWASP Top 10 and/or SANS Top 25
- Familiarity with retail regulatory scope (PCI, SOX, etc.)
- Familiarity of Magecart style attacks and mitigations