The Penetration Testing Lead role is responsible for creating, executing, and improving processes and procedures while also providing thought leadership, guidance, and technical support to the rest of the team.
With a focus specifically on Security Threat & Vulnerability – Penetration Testing, this role leads and drives the execution of processes focused on vulnerability identification. This includes information security and risk activities such as oversight of vulnerability assessments serving both internal and external stakeholders. This role will also be responsible for communicating risk to the enterprise and work with appropriate teams to drive remediation efforts.
- Conducts internal and external Penetration Tests using proprietary and open-source tools to identify vulnerabilities and exposure within Lowe’s systems and applications
- Assist in developing methodologies for continuous enhancements to red teaming methods and processes
- Performs Hands-On Penetration Tests and Red Team assessments of Lowe’s enterprise and its infrastructure
- Performs network penetration, web and mobile application testing, source code reviews
- Develops, researches, and maintains proficiency in tools, techniques, countermeasures, and vulnerabilities trends ranging from data compromise/destruction, covert communications, encryption attacks
- Prescribes cybersecurity best practices techniques to address weaknesses in cyber assets and combat sophisticated threats against those assets
- Analyzes data to detect trends, make recommendations, and provide reporting, defines reporting requirements for standard reports
- Leads activities to assess adherence to the information security processes supported
- Answers questions from associates about the information security processes supported; handles more complex questions/issues elevated from other analysts on the team Designs and facilitates process optimization initiatives
- Serves as an escalation point and mentor for junior staff for the most complex support problems
- Maintains process documentation repositories; ensures information is compiled in a thorough and organized manner
- Leads efforts to develop standard operating procedures; identifies and incorporates improvements on procedures based on best practices and industry trends
- Collaborates with management to determine information security metrics and leads the collection of information security metric
- Maintains an awareness of information security news and trends
- Consolidates security-related findings, tracks KPIs, and presents results to information security and business leaders and/or vendors
- Researches current technologies to assist in the development of new capabilities and recommends solution options
- Advises users and team members on the execution of complex processes, interprets standards and regulations, and assists with solutions
- Creates and optimizes frameworks and tools and leads assessments of applications and businesses processes to help Lowe’s integrate security services
- Provides direction, coaching, and training to more junior level analysts to ensure that they have the knowledge and tools needed and to assist them with complex task
- Mentors and advises others, sharing an in-depth understanding of the company and industry methodologies, policies, standards, and controls
- Facilitates cross-functional (security, technology, business) teams to solve complex problems
- Provides insight and consultation to help ensure new and existing security solutions are developed with insight into industry best practices, strategies, and architectures
- Makes recommendations for process or technology changes
- Develops tools or processes to operationalize/improve workflows
- Partners with senior key stakeholders to develop and/or update Information Security documents such as policies, standards, procedures, training
- Bachelor’s degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field
- 6 years of experience in information security
- Advanced understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)
- Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
- 5+ years penetration testing experience
- 3+ years functioning as a lead on security engagements
- Ability to analyze and write technical reports
- 3+ years of programming or scripting language (python, java, bash, powershell)
- Familiarity with vulnerability management and penetration testing tools operating system internal functions.
- Ability to present/defend positions and build consensus with technical/non-technical personnel across different agencies/organizations.
- Ability to translate vulnerabilities into remediation efforts and work with relevant teams
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 20 million customers a week in the United States and Canada. With fiscal year 2020 sales of nearly $90 billion, Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ over 300,000 associates. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.
About Lowe’s in the Community:
As a FORTUNE® 50 home improvement company, Lowe’s is committed to creating safe, affordable housing and helping to develop the next generation of skilled trade experts through nonprofit partnerships. Across every community we serve, Lowe’s associates donate their time and expertise through the Lowe’s Heroes volunteer program. For the latest news, visit Newsroom.Lowes.com or follow @LowesMedia on Twitter.
Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
- Address Mooresville, NC, USA
- Salary Offer $100.000 ~
- Experience Level Senior
- Total Years Experience 5-10
- Academic Degree Bachelors