Skip to main content

Job Descripton

Security Engineer II - Vulnerability Assessments

Apply Now
Job ID 1613042BR Date posted 06/26/2019 Location Mooresville, North Carolina Location Name Mooresville, NC (SSC) Address 1000 Lowes Boulevard Employment Type I Full time Employment Type II Regular Line of Business Corporate Department LWS_USA_IT Security TVM
PURPOSE OF ROLE
The Security Engineer II - Vulnerability Assessments is responsible for supporting new deployment efforts, vulnerability scanning, and vulnerability remediation/mitigation. In this role, the Security Engineer II will be a vital member of a high-impact team performing technical evaluations of security technologies and identify mitigations, research and investigate new and emerging vulnerabilities.

The Security Engineer II - Vulnerability Assessments will analyze a wide breadth of security scanning technology to ensure components are properly configured and tuned appropriately to validate outputs.Additionally, you will be providing guidance and conduct the integration of various security tools to support a wide range of testing of in place and new applications. You will utilize both automated and manual methods to enhance the capabilities of these security tools using various programming languages (Python, Ruby, PowerShell, SQL, etc.)

RESPONSIBILITY STATEMENTS 
  • Creates scripts to utilize REST API components of industry standard tools to integrate vulnerability assessments into the CI/CD process
  • Validates outputs from automated vulnerability assessments to reduce false positives and update those tools to prevent reoccurrence
  • Working knowledge of containers and container management platforms to support the integration of vulnerability assessment tools
  • Administers, manages and utilizes vulnerability system and application scanning tools
  • Coordinates and advocate for secure development practices among disperse product owners to ensure that positive progress is maintained in vulnerability remediation in agile and waterfall development methodologies
  • Supports the education of developers and/or system administrators in secure coding and configuration practices to remediate or mitigate vulnerabilities

REQUIRED EDUCATION/ EXPERIENCE
  • Bachelor’s Degree in Computer Science or related field or 2 years of experience in Information Security role
  • 2+ years of experience as a Security Analyst or in Technology Integration
  • Demonstrated ability to work in a team environment
  • Strong organizational, analytical / problem solving skills
  • Ability to prioritize and manage multiple tasks
  • Must have excellent interpersonal, verbal and writing skills
  • Update security documentation as required
  • Document assessment findings and manage risk assessment repository
  • Identify and communicate assessment findings to Information Security Manager
  • Ability to deal with both technical and non-technical personnel
  • Ability to act independently

PREFERRED EDUCATION/ EXPERIENCE
  • Understanding of cybersecurity scanning technologies to include operating systems, Custom Code, Web-based vulnerability analysis, 3rd party installed and hosted applications, cloud-hosted compute platforms and microservices
  • Experience in security testing at scale by building and implementing static and dynamic analysis tools, vulnerability scanning tools, and integrating security into a CI/CD workflow
  • Strong ability to effectively integrate and operate cybersecurity tools in a highly matrixed and dispersed operating environment with multiple development methodologies
  • Experience supporting multiple internal and external support groups to integrate and enhance cybersecurity solutions to understand and prioritize overall risk in regard to business impact
  • Familiarity utilizing cybersecurity technology as code through API and common scripting languages (Python, PowerShell, Visual Basic, Ruby, etc.) and integrating multiple solutions into holistic enterprise platforms
  • Experience identifying and coordinating with appropriate teams across the organization to define processes and produce documentation so that engineered solutions are easily understood and repeatable

Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.