Sr. SOC Engineer of Allied & Forensics
Job ID: 1539344BR | Date posted: 02/11/2019 | Location: Mooresville, NC | Location Name: CSC-Mooresville | Address: 1000 Lowes Boulevard | Employment Type I: Regular | Employment Type II: Full-Time | Line of Business: Corporate | Department: 0014 - IT Security TVM
PURPOSE OF ROLE
The Sr. SOC Engineer of Allied & Forensics will spearhead Security Information and Event Management (SIEM) development for Lowe's cloud and allied business monitoring and incident response initiatives, with a focus on incident forensics and malware reverse engineering. The role also serves as the dedicated SME for the Security Operations Center (SOC) on all aspects of cloud and allied platform information security, including assessing platform capabilities, leveraging available security functionality and tools, and leading efforts to manage monitoring and incident response.
This position plays a significant role in verifying that tools and processes effectively support security incident logging and monitoring objectives, and in validating that actionable cyber security events and incidents are properly created across the Lowe's cloud and allied business environment.
Furthermore, the Sr. SOC Engineer, Allied & Forensics will collaborate with a team of accomplished cybersecurity analysts to address complex or difficult problems as needed within a 24x7 SOC environment, and will partner with SOC Leadership to ensure continuous improvement of monitoring, detection and mitigation capabilities.
- Research and assess the security capabilities and functionality of new or existing cloud platforms, and perform gap and/or integration analysis as needed
- Recommend specific tools and processes to maximize monitoring and response capability
- Engineer logging and collection of security event data and transmission to technology components for security incident analysis
- Ensure the completeness and accuracy of security event data by ongoing monitoring of log sources
- Work with SOC Tier III analysts to develop and test monitoring and alerting use cases and maintain documentation
- Apply best practices in the development of on-premises and cloud-based security alerts based on both OEM and in-house developed detection logic
- Assist with the configuration of SIEM tools to analyze security event data, detect suspicious activity, and alert on potential security incidents
- Remove decommissioned, irrelevant or obsolete log sources
- Validate logging system field extractions and correct as needed
- Use native cloud platform security tools and management consoles
- Develop log aggregation system alerts and searches across instances, including allied businesses
- Escalate cyber security events according to Lowe's Incident Response Plan, as needed
- Collaborate with technical teams to identify, resolve, and mitigate events
- Serve as SME on incident forensics (host, network and cloud environments) and malware reverse engineering
- Develop products and reports that can be sent for awareness to various groups and levels of leadership
- Bachelor’s Degree in related field and 6 years of experience in Information and Network Security or 8 years of IT experience to include 2 years of Information and Network Security
- Strong technical, analytical, interpersonal, communication and writing skills
- Strong verbal and written communication skills with the ability to work in a team
- Basic understanding of fundamental security and network concepts (operating systems, intrusion detection, TCP/IP, ports, etc.)
- Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work)
- Retail experience in the Information Technology Industry
- One or more security or security vendor certifications
- Previous experience working in a Security Operations Center (SOC) environment
- Experience with log aggregation and security event generation activities
- Intermediate knowledge of Splunk, and knowledge of syslog and Windows/Azure/O365/GCP event log formats
- Functional to intermediate knowledge of Microsoft cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring, and an understanding of security log/event import/export capabilities (push to or pull from the SIEM)
- Functional to intermediate knowledge of Google cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring, and an understanding of security log/event import/export capabilities (push to or pull from the SIEM)
- Advanced understanding of Windows and Unix security: OS lockdown, logging and monitoring, application security, user access
- Functional to intermediate knowledge of cloud forensics, auditing, incident investigation, threat hunting and threat intelligence applications
- Advanced knowledge of host and network forensics, auditing, incident investigation, threat hunting and threat intelligence applications
- Intermediate knowledge of perimeter protection principles: understanding the rules of network communication
- Intermediate understanding of intrusion detection and analysis methods
- Intermediate understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity
Lowe's is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.