Engineer, Information Security
Location
Bangalore | India
Job description
About Lowe's
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNEĀ® 50 home improvement company serving approximately 17 million customer transactions a week in the U.S. With total fiscal year 2022 sales of over $97 billion, approximately $92 billion of sales were generated in the U.S., where Lowe's operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts.
About Lowe's India: At Lowe's India, we are the enablers who help create an engaging customer experience for our $97 billion home improvement business at Lowe's. Our 4000+ associates work across technology, analytics, business operations, finance & accounting, product management, and shared services. We leverage new technologies and find innovative methods to ensure that Lowe's has a competitive edge in the market.
About The Team Application security team is responsible for taking care of SAST and DAST, asset scanning related operational task for multiple tools like SNYK, Nexpose, Insightappsec. Team is responsible to connect with developers help them in in remediation efforts for all the applications.
Job Summary Engineer have 3 to 4+ years of experience in application security information security systems/applications and recommends and develops security measures to protect information against unauthorized modification or loss.
Knowledge and hands on experience Snyk,Insight appsec,nexpose, Taniun, Pipeline integration CICD, Devsecops, based on OWASP top10
Core Responsibilities - Engineer should have 3 to 4+ years of experience in application security, Whitebox security review, or code review. This is a Engineer profile who deeply understanding the application through manually reviewing the source code and noticing security flaws. Through comprehension of the application vulnerabilities unique to the application can be found.
- Application security analyst should Analyze information security systems and applications and recommends and develops security measures to protect information against unauthorized modification or loss.
- Good understanding on secure code control systems.
- Experience working with continuous integration/continuous deployment tools.
- Good to have knowledge on cloud technologies.
- Experience in systems analysis, including defining technical requirements and focus on performing high level design for complex solutions.
- Implement assigned information security service solution to ensure successful deployment, develops and documents detailed standards.
- Collaborates with other technology teams including engineering to design and implement remediation solutions.
- Works on security tools and experience on tools customization, integration as business needs.
- Collaboration with vendor and multiple team members.
- Analyze the application data and integrate with dashboard for metrics measurement.
- Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSSv2/3).
- Strong knowledge of understanding multiple vulnerability scanning tools.
- Stong knowledge of Unix/Windows/NMAP Administrative Expertise.
- Utilize source code scan tools to assist application development teams to apply the best practice for application security and catch potential vulnerabilities at early stage
- Assist in evaluating, planning, configuration, and implementation of new/existing security applications/tools
- Work with teams to detect, fix and remediate vulnerabilities found during build process and make sure newly built infrastructure and applications have an acceptable risk to move forward.
- Strong communication skills (verbal, written)
Years Of Experience Should have 3 to 4 years of experience in application security.
Required Minimum Qualifications - Bachelor's Degree in IT or similar field and 3-4 years relevant work experience
- Demonstrated success in leading or managing multiple projects & engagements
- Strong writing, presenting and influencing skills
Preferred Qualifications - Master's Degree in technical related field
- CRISC, CISA, CEH or equivalent certifications
- Retail business experience
- Experience with Vulnerability Identification and Scanning Tools (SNYK, Insightappsec, Nexpose, Qualys, Tanium etc.)
- Experience with Vulnerability Management in Hybrid cloud environments.
- Experience with Secure Software Lifecycle Development, Devsecops.
Primary Skills (must Have)- Experience with Vulnerability Identification and Scanning Tools (SNYK, Insightappsec, Nexpose, Qualys, Tanium etc.)
- Devsecops
- CICD pipeline integration
- Knowledge of GCP
- Vulnerability Management
Secondary Skills (desired)- Languages can add value: Python, Java, .Net
Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law. Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit
Job tags
Salary
