Security Engineer II - Application Security
PURPOSE OF THE ROLE
The Security Engineer II - Application Security is responsible for supporting new deployment efforts, vulnerability scanning, and vulnerability remediation/mitigation within custom-developed and commercial off-the-shelf applications. In this role, the Security Engineer II will be a vital member of a high-impact team, performing technical evaluations of security technologies, identifying mitigations, and researching and investigating new and emerging vulnerabilities. The Security Engineer II will analyze a wide breadth of security scanning technology to ensure components are properly configured and appropriately tuned to validate outputs.
Additionally, you will provide guidance on and conduct the integration of various security tools to support a wide range of testing of in-place and new applications. You will use both automated and manual methods to enhance the capabilities of these security tools using various programming languages (Python, Ruby, PowerShell, SQL, Java, etc.).
- Creates scripts to utilize REST API components of industry-standard tools to integrate vulnerability assessments into the CI/CD process.
- Validates outputs from automated vulnerability assessments to reduce false positives and updates those tools to prevent reoccurrence.
- Working knowledge of containers and container management platforms to support the integration of vulnerability assessment tools.
- Administer, manage and use vulnerability system and application scanning tools.
- Coordinate and advocate for secure development practices among dispersed product owners to ensure that positive progress is maintained in vulnerability remediation in agile and waterfall development methodologies.
- Support the education of developers and/or system administrators in secure coding and configuration practices to remediate or mitigate vulnerabilities.
REQUIRED EDUCATION/ EXPERIENCE
- H.S. Diploma in General Studies with 6+ years of experience OR Bachelor's Degree in Computer Science or related field with 4 years of experience
- 2+ years of experience as a Security Analyst or equivalent
- Analytical/problem-solving skills.
- Ability to communicate effectively with both technical and non-technical personnel.
- Knowledge of infrastructure (networks and servers), services and security policies.
- Ability to work in a team environment
PREFERRED EDUCATION/ EXPERIENCE
- Bachelor's Degree in Computer Science or related field with 4 years of experience
- Familiar with networks and data analysis
- Strong experience conducting vulnerability assessments
- Experience in one or more of the following programming languages (Python, Ruby, PowerShell, SQL, and/or Java)
- Working knowledge of containers and container management platforms
- Familiar with network and system architectures
- Familiar with incident response methodologies
- "Retail" industry experience in an Information Technology related area
- One or more of the following Information Security certifications: CISSP, CISM, CISA, CRIS
Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.