Skip Navigation

No saved jobs found!

Job Description

Job Description

SOC Tier III Cloud, Allied and Forensics Security Engineer

Job ID 1539344BR Date posted 02/11/2019 Location Mooresville, NC Location Name CSC-Mooresville Address 1000 Lowes Boulevard Employment Type I Regular Employment Type II Full-Time Line of Business Corporate Department 0014 - IT Security TVM


The SOC Tier III Cloud, Allied and Forensics Security Engineer will serve as a Subject Matter Expert (SME) for the Security Operations Center (SOC) primarily for cloud and allied platform information security, to include assessing platform capabilities, leveraging available security functionality and tools, and supporting efforts to manage monitoring and incident response. This will consist of implementation of Security Information and Event Management (SIEM) logic/rule/alert development for Lowe’s cloud and allied business monitoring and incident response initiatives with a focus on incident forensics and malware reverse engineering.

The incumbent will have shared responsibility for validating that tools and processes are effectively supporting security incident logging and monitoring objectives, and for validating the proper creation of actionable cyber security events and incidents across the Lowe’s cloud and allied business environment.

The SOC Tier III Cloud, Allied and Forensics Security Engineer works among a team of skilled technicians to address complex problems as needed within a 24x7 SOC environment following processes and procedures as identified by SOC Leadership to ensure the continuous improvement to monitoring, detection and mitigation capabilities.


  • Research and assess the security capabilities and functionality of new or existing cloud platforms, and perform gap and/or integration analysis as needed
  • Recommend specific tools and processes to maximize monitoring and response capability
  • Support logging and collection of security event data and transmission to technology components for security incident analysis
  • Ensure the completeness and accuracy of security event data by ongoing monitoring of log sources
  • Work with SOC Tier III analysts to develop and test monitoring and alerting use cases and maintain documentation
  • Apply best practices in the development of on-premise and cloud-based security alerts based on both OEM and in-house developed detection logic
  • Assist with the configuration of SIEM tools to analyze security event data, detect suspicious activity, and alert on potential security incidents
  • Identify decommissioned, irrelevant or obsolete log sources
  • Validate logging system field extractions and provide feedback as needed
  • Use of native cloud platform security tools and management consoles
  • Develop log aggregation system alerts and searches across instances, including allied businesses
  • Escalate cybersecurity events according to Lowe’s Incident Response Plan, as needed
  • Collaborate with technical teams to identify, resolve, and mitigate events
  • SME on incident forensics (host, network and preferably cloud environments) and malware reverse engineering.
  • Develop products and reports that can be sent for awareness to various groups and levels of leadership


  • Bachelor’s Degree in related field and 6 years of experience in Information and Network Security OR 8 years of IT experience to include 2 years of Information and Network Security
  • Strong technical, analytical, interpersonal, communication and writing skills.
  • Strong verbal and written communication skills with the ability to work in a team
  • Basic understanding of fundamental security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)
  • Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work)


  • Knowledge of Splunk, and knowledge of Syslog and Windows/Azure/O365/GCP event log formats
  • Knowledge of Microsoft cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring. Understanding of security log/event import/export capabilities push or pull to SIEM
  • Knowledge of Google cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring
  • Understanding of security log/event import/export capabilities, i.e., push or pull to SIEM.Advanced Understanding of Windows and Unix security: OS lockdown; logging and monitoring; application security; user access
  • Knowledge of cloud forensics, auditing, incident investigation, threat hunting, and threat intelligence applications.
  • Advanced knowledge of host and network forensics, auditing, incident investigation, threat hunting, and threat intelligence applications
  • Knowledge of perimeter protection principles: understanding the rules of network communication
  • Understanding of intrusion detection and analysis methods
  • Understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity

Lowe’s is an equal opportunity affirmative action employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.

Email Job

Talent Community

Please sign up here to join our Talent Community

*Please note you will need to continue through the application process in order to apply.

Stay Connected

Read More | Get Social