Job Description
Sr. SOC Engineer of Allied & Forensics

Job ID: 1539344BR
Date posted: 02/11/2019
Location: Mooresville, NC
Location Name: CSC-Mooresville
Address: 1000 Lowes Boulevard
Employment Type I: Regular
Employment Type II: Full-Time
Line of Business: Corporate
Department: 0014 - IT Security TVM

PURPOSE OF ROLE

The Sr. SOC Engineer of Allied & Forensics will spearhead the implementation of Security Information and Event Management (SIEM) development for Lowe’s cloud and allied business monitoring and incident response initiatives, with a focus on incident forensics and malware reverse engineering. The role also serves as the dedicated SME for the Security Operations Center (SOC) on all aspects of cloud and allied platform information security, including assessing platform capabilities, leveraging available security functionality and tools, and leading efforts to manage monitoring and incident response.

This position will play a significant role in validating that tools and processes effectively support security incident logging and monitoring objectives, and in validating the proper creation of actionable cyber security events and incidents across the Lowe’s cloud and allied business environment.

Furthermore, the Sr. SOC Engineer, Allied & Forensics will collaborate with a team of accomplished cybersecurity analysts to address complex or difficult problems as needed within a 24x7 SOC environment, and will partner with SOC Leadership to ensure continuous improvement of monitoring, detection and mitigation capabilities.

RESPONSIBILITY STATEMENTS

  • Research and assess the security capabilities and functionality of new or existing cloud platforms, and perform gap and/or integration analysis as needed
  • Recommend specific tools and processes to maximize monitoring and response capability
  • Engineer logging and collection of security event data and transmission to technology components for security incident analysis
  • Ensure the completeness and accuracy of security event data by ongoing monitoring of log sources
  • Work with SOC Tier III analysts to develop and test monitoring and alerting use cases and maintain documentation
  • Apply best practices in the development of on premise and cloud-based security alerts based on both OEM and in-house developed detection logic
  • Assist with the configuration of SIEM tools to analyze security event data, detect suspicious activity, and alert on potential security incidents
  • Remove decommissioned, irrelevant or obsolete log sources
  • Validate logging system field extractions and correct as needed
  • Use native cloud platform security tools and management consoles
  • Develop log aggregation system alerts and searches across instances, including allied businesses
  • Escalate cyber security events according to Lowe’s Incident Response Plan, as needed
  • Collaborate with technical teams to identify, resolve, and mitigate events
  • Serve as SME on incident forensics (host, network and cloud environments) and malware reverse engineering
  • Develop products and reports that can be sent for awareness to various groups and levels of leadership

REQUIRED EDUCATION/EXPERIENCE

  • Bachelor’s Degree in a related field and 6 years of experience in Information and Network Security, or 8 years of IT experience including 2 years of Information and Network Security
  • Strong technical, analytical, interpersonal, communication and writing skills
  • Strong verbal and written communication skills with the ability to work in a team
  • Basic understanding of fundamental security and network concepts (operating systems, intrusion detection, TCP/IP, ports, etc.)
  • Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work)

PREFERRED EDUCATION/EXPERIENCE

  • Retail experience in the Information Technology Industry
  • One or more security or security vendor certifications
  • Previous experience working in a Security Operations Center (SOC) environment
  • Experience with log aggregation and security event generation activities
  • Intermediate knowledge of Splunk, and knowledge of syslog and Windows/Azure/O365/GCP event log formats
  • Functional to intermediate knowledge of Microsoft cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring; understanding of security log/event import/export capabilities, i.e. push or pull to a SIEM
  • Functional to intermediate knowledge of Google cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring; understanding of security log/event import/export capabilities, i.e. push or pull to a SIEM
  • Advanced understanding of Windows and Unix security: OS lockdown, logging and monitoring, application security, user access
  • Functional to intermediate knowledge of cloud forensics, auditing, incident investigation, threat hunting and threat intelligence applications
  • Advanced knowledge of host and network forensics, auditing, incident investigation, threat hunting and threat intelligence applications
  • Intermediate knowledge of perimeter protection principles: understanding the rules of network communication
  • Intermediate understanding of intrusion detection and analysis methods
  • Intermediate understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity

Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.