Analyst, Information Security

Your Impact
The primary purpose of this role is to support the implementation and ongoing delivery of information security tools and processes. This includes responsibility for executing and improving processes and procedures with occasional guidance from more senior-level security associates.
This role solves moderately complex problems while completing both tactical and non-tactical activities in support of the successful delivery of assigned information security processes.
The individual in this role continues to grow his/her understanding across the various tools and processes supported by the team, including the key integration points with other parts of Technology. He/she receives occasional guidance and direction from more senior-level associates on the team.
With a focus specifically on Identity & Access Management , this role focuses on delivering timely, accurate, and controlled system access for Lowe's global workforce. This includes assisting with creating and maintaining processes, tools, controls, and governance mechanisms such as roles, reports, metrics, and issue resolution services
What you will do;

• Analyze data to detect trends, make recommendations, and provide reporting.
• Help assess adherence to the information security processes supported.
• Answer questions from associates about the information security processes supported.
• Document current-state business processes and opportunities for automation.
• Attempt to resolve problems and then escalate problems as necessary to appropriate resources (e.g., support team, vendor).
• Contribute to and help maintain process documentation repositories.
• Help develop standard operating procedures; identify and suggest possible improvements on procedures.
• Collaborate with management to determine information security metrics and help with the collection of information security metrics.
• Maintain an awareness of information security news and trends.
• Help consolidate security-related findings, track OKRs, and present results to information security and business leaders and/or vendors.
• Research current technologies to assist in the development of new capabilities.
• Translate and document business needs into technical requirements and solutions.

Identity & Access Management Responsibilities

• Support the execution of processes and procedures in areas that include Identity & Access Management, security policies, standards and controls creation and management, compliance management, risk management, training, and vulnerability assessment and remediation.
• Support IAM services including account lifecycle management, application onboarding, access governance, and privileged access management.
• Complete intermediate-complexity account lifecycle management, application onboarding to the IAM services, provisioning, access governance, role-based access creation, privileged access governance, and end-user support for IAM and access-related service issues.
• Fulfill information security request intake requests for services, access, and information.
• Conduct assessments of applications and business processes to help Lowe's manage security risks.
• Work on several information security request intake processes.
• Distribute provisioning workloads for execution and manage the status of the fulfillment process.
• Define business and technical requirements for applications that will be included in centralized provisioning processes using enterprise standard technology platforms.

Required Qualifications

• Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or a related field (or equivalent work or military experience in a related field).
• 2 years of experience in information security.
• Basic understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).

Preferred Qualifications

• IT experience in the retail industry
• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)

Identity & Access Management :

• Experience with IAM technology implementation and operations (e.g., CA, Sailpoint, OKTA, SSO, MFA, IGA, Microsoft AD).
• Security Operations Center (SOC)
  Willing to work in a team-oriented 24/7 SOC environment; flexibility to work on a rotating schedule (including occasional shift work).
• Basic knowledge of Microsoft and Google Cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring.
• Basic understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity.
• Basic knowledge of Microsoft and Google Cloud platforms, including knowledge of all feature sets applicable to security event detection and monitoring.
• Previous experience working in a Security Operations Center (SOC) environment.
• Experience with malware analysis.

Security Threat & Vulnerability:

• Basic knowledge of threat intelligence, threat hunting, attack surface management, and investigations Code, support functions.
• General understanding of the output from cybersecurity scanning technologies to include operating systems, Custom Web-based vulnerability analysis, 3rd party installed and hosted applications, cloud-hosted compute platforms, and microservices.

Security Governance, Risk & Compliance :

• 1 year of experience developing Cybersecurity or information assurance policies, standards, awareness training, or equivalent issuances.
• 1 year of experience conducting assessments or technical reviews to analyze risk.
  Experience with information security programs, audits, controls, assessments, risk assessments, or remediation management.
• Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen).
• Experience conducting information security risk assessments of vendors and vendor software.

Where You'll Be

• Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.
• Lowe's supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub
• Most business meetings are planned around the Eastern time zone.

About Lowe's
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2023 sales of more than $86 billion, Lowe's operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com .
Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
Pay Range: $75,300.00 - $143,100.00 annually Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit https://talent.lowes.com/us/en/benefits.