Senior Engineer – Application Security

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 18 million customers a week in the United States and Canada. With fiscal year 2019 sales of $72.1 billion, Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports its hometown Charlotte region and all communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.

Overview:
The Senior Engineer, Application Security is responsible for supporting new deployment efforts, vulnerability scanning, and vulnerability remediation/mitigation within custom-developed and commercial off-the-shelf applications. In this role, the Senior Engineer, Application Security will be a vital member of a high-impact team, performing technical evaluations of security technologies, identifying mitigations, and researching and investigating new and emerging vulnerabilities. The Senior Engineer, Application Security will analyze a wide breadth of security scanning technology to ensure components are properly configured and appropriately tuned to validate outputs.

Additionally, you will provide guidance on and conduct the integration of various security tools to support a wide range of testing of in-place and new applications. You will use both automated and manual methods to enhance the capabilities of these security tools using various programming languages (Python, Ruby, PowerShell, SQL, Java, etc.).

Responsibilities:
• Creates scripts to utilize REST API components of industry-standard tools to integrate vulnerability assessments into the CI/CD process.
• Validates outputs from automated vulnerability assessments to reduce false positives and update those tools to prevent reoccurrence.
• Working knowledge of containers and container management platforms to support the integration of vulnerability assessment tools.
• Administer, manage and use vulnerability system and application scanning tools.
• Coordinate and advocate for secure development practices among dispersed product owners to ensure that positive progress is maintained in vulnerability remediation in agile and waterfall development methodologies.
• Support the education of developers and/or system administrators in secure coding and configuration practices to remediate or mitigate vulnerabilities.
• Designs and performs internal and external penetration validation testing to ensure that computer systems are up to date relative to all operating systems, patches, and virus protection software.
• Collaborates with other technology teams including Engineering to design and implement remediation solutions.
• Identifies, reports, and provides assistance during information security incidents as part of an Incident Response Team; reviews and responds to security alerts to investigate malicious activity.
• Supports evaluation of new security technologies that address both current and future needs based on emerging threats and industry trends.
• Keeps up to date with exploits relevant to the retail sales environment.
• Solves complex architecture/design and business problems; solutions are extensible; works to simplify, optimize, remove bottlenecks, etc.
• Provides mentoring and guidance to more junior level engineers; may provide feedback and direction on specific engineering tasks.
• Responds to escalated security issues for enterprise systems; facilitates advanced diagnosis and troubleshooting when necessary.
• Participates in the implementation of hardware and software changes into environments to ensure security requirements are met.
• Provides input into security breach response procedures; helps lead security breach response activities.
• Leads break/fix activities, escalating problems to senior management and/or vendors as appropriate.
• Analyzes the output of industry-standard cybersecurity tools and identifies remediations to reduce risk and exposure of applications.
• Completes custom enhancements of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities.
• Evaluates entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities.

Qualifications:
Required

• Bachelor’s degree in Computer Science, CIS, Engineering, Cybersecurity, or related field (or equivalent work or military experience in a related field)
• 5+ years of experience in technology system support, software development or a related field
• 3+ years of experience with information security applications and systems
• 2+ years of experience in database technologies
• 4+ years of experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
• 1+ year(s) of DevOps experience
• 3+ years of experience evaluating entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities
• 3+ years of experience in the custom enhancement or development of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities
Preferred
• Bachelor’s Degree in Computer Science or related field with 4 years of experience
• Familiar with networks and data analysis
• Strong experience conducting vulnerability assessments
• Experience in one or more of the following programming languages (Python, Ruby, PowerShell, SQL, and/or Java)
• Working knowledge of containers and container management platforms
• Familiar with network and system architectures
• Familiar with incident response methodologies
• “Retail” industry experience in an Information Technology related area
• One or more of the following Information Security certifications: CISSP, CISM, CISA, CRIS