Sr Security Engineer – WAF

Job Summary:

The Sr Security Application Engineer’s primary purpose is to provide application security consulting to digital channel software development resources and advance information security tooling and services. This includes providing support for security engineering and analysis efforts on Web Application Firewall (WAF) configuration, BOT mitigation, development-related SOC efforts, assessing application and service security, and modeling threats. To be successful in this role, an individual must be versed in cybersecurity concepts and possess the ability to execute complex security engineering solutions.

Key Responsibilities:

  • Provide hands-on engineering support for discovery, implementation, oversight for 3rd party script supply chain (Magecart), and fraud security solutions
  • Create and support security engineering solutions related to e-Commence account and payment fraud
  • Document and model potential Digital application security threats and mitigations
  • Participate in SOC and Threat Intelligence tasks providing security engineering and secure software analysis to determine threat impact and risk
  • Participate in and execute a technical evaluation of pertinent new security technologies addressing emerging threats and industry trends
  • Facilitate, deliver, and support integration engineering efforts for Digital in-house, COTS, and SaaS security solutions
  • Deliver and resolve complex engineering problems spanning multiple applications to drive overall improvements in security across systems and applications
  • Assist the Information Security team in monitoring and managing security systems and reviewing logs
  • Respond to escalated security engineering issues for enterprise systems; facilitate and troubleshoot when necessary
  • Serve as a security engineering resource for project teams throughout the implementation and maintenance of assigned information security solutions; contribute to the definition and governance of security documentation (e.g. guidelines, processes, procedures)
  • Support Vulnerability Management efforts in reviewing security defects and providing remediation consulting to development teams
  • Assist development teams and Vulnerability Management with the prioritization of application security defects

Minimum Qualifications:

  • Bachelor’s Degree in Computer Science, CIS, Engineering, Cybersecurity, or related field (or equivalent work or military experience in a related field)
  • 5 years of experience in technology system support, software development or a related field
  • 3 years of experience with information security applications and systems
  • 2 years of experience in database technologies
  • 4 years of experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
  • 1 year of DevOps experience
  • 3 years of experience evaluating entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities
  • 3 years of experience in the custom enhancement or development of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities

Preferred Qualifications:

  • In most cases Lowe’s will not be able to provide sponsorship for roles located in the Tech Hub
  • Knowledge of Magecart style attacks and mitigation solutions
  • Knowledge of browser security headers (e.g. CSP, HSTS, etc.)
  • Knowledge of or experience with 3rd party supply chain JavaScript analysis and protection products (e.g. Source Defense, Tala Security, Reflectiz, Akamai Page Integrity Manager, etc.)
  • Knowledge of e-Commerce account fraud concepts and mitigations
  • Experience in delivering security product deployments, integration, and operational efforts
  • Experience facilitating vendor security product requests for engineering requirements, enhancements, maintenance, and configuration.
  • Familiarity with WAF, Bot, and API gateway concepts and products
  • Familiarity of OWASP Top 10 and/or SANS Top 25 secure coding practices
  • Familiarity with one or more of the following development languages: Java, Python, JavaScript/Node.js, GO, PHP


About Lowe’s:

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 18 million customers a week in the United States and Canada. With fiscal year 2019 sales of $72.1 billion, Lowe’s and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports its hometown Charlotte region and all communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.com.

About Lowe’s in the Community:
As a FORTUNE® 50 home improvement company, Lowe’s is committed to creating safe, affordable housing and helping to develop the next generation of skilled trade experts through nonprofit partnerships. Across every community we serve, Lowe’s associates donate their time and expertise through the Lowe’s Heroes volunteer program. For the latest news, visit Newsroom.Lowes.com or follow @LowesMedia on Twitter.

Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.

More Information

Apply for this job

Leave your thoughts

Share this job