Sr Engineer, Information Security
Location
Bangalore | India
Job description
About Lowe's
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNEĀ® 50 home improvement company serving approximately 17 million customer transactions a week in the U.S. With total fiscal year 2022 sales of over $97 billion, approximately $92 billion of sales were generated in the U.S., where Lowe's operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts.
About Lowe's India: At Lowe's India, we are the enablers who help create an engaging customer experience for our $97 billion home improvement business at Lowe's. Our 4000+ associates work across technology, analytics, business operations, finance & accounting, product management, and shared services. We leverage new technologies and find innovative methods to ensure that Lowe's has a competitive edge in the market.
About The Team The Digital Application Security team provides services focused on protecting Lowe's Digital assets. The team manages the WAF/Bot Attack Mitigation and Malicious Script Defense services in the Digital Application Security portfolio as well as participates in efforts to reduce Digital fraud for the organization. The team works closely with partners across the organization to implement proactive security measures as well as respond to various types of attacks across the Digital platforms.
Job Summary The primary purpose of this role is to provide Digital Security Services for eCommerce, Digital, and API platforms. This includes providing support for security services and engineering efforts pertaining to Web Application Firewall (WAF), Bot mitigation, and malicious script mitigation techniques.
To be successful, the individual in this role must be versed in cybersecurity concepts and possess the ability to execute on complex security engineering solutions. This role requires the ability to collaborate closely with other departments to ensure the company's platform is secure and in compliance with industry standards.
Core Responsibilities - Serve as a Hands-on subject matter expert for Web Application Firewall (WAF), BOT mitigation, and script mitigation tooling
- Provide analysis for WAF/BOT mitigation designs and implementation plans
- Research website and API traffic telemetry and determine appropriate WAF/BOT mitigation
- Analyse WAF/BOT attack traffic to assess security risk, derive severity, and set mitigation priority
- Participate in planning efforts and implement incremental WAF/BOT threat identification and mitigation improvements
- Analyse script alerting to assess security risk, derive severity, and set mitigation priority
- Participate in SOC and threat intelligence tasks providing security consulting
- Participate in and execute technical evaluations of pertinent new security technologies addressing emerging threats and industry trends
- Participate in modelling potential Digital Application security threats and mitigations
- Facilitate, deliver, and support integration engineering efforts for Digital in-house, COTS and SaaS security solutions
- Deliver and resolve complex engineering problems spanning multiple applications to drive overall improvements in security across systems and applications
- Respond to escalated security engineering issues for enterprise systems, facilitate and troubleshoot when necessary
- Serve a security engineering resource for project teams throughout the implementation and maintenance of assigned information security solutions, contribute to the definition and governance of security documentation (e.g. guidelines, processes, procedure)
Years Of Experience - Overall 5 years of experience in IT, Software engineering or relative field.
- 3-5 years Information Security experience (or combination of Information Security and Application Development)
Required Minimum Qualifications - Bachelors Degree in Computer Science, CIS, Engineering, Cybersecurity, or related field (or equivalent work experience in a related field)
- Relevant information security certifications (e.g. CISSP, CISM, CEH, GPen)
Primary Skills (must Have)- Advanced understanding of information security practices and policies
- Experience working with an IT Infrastructure Library (ITIL) framework
- Experience in securing retail eCommerce platforms
- Working knowledge of WAF and BOT concepts and solutions
- Experience implementing web application firewalls for e-Commerce sites
- Experience in delivering security product deployments, integrations, and operational efforts
- Experience facilitating vendor security product requests for engineering requirements, enhancements, maintenance, and configuration
Secondary Skills (desired)- Knowledge of browser security headers (e.g. CSP, HSTS, etc.)
- Knowledge of API security gateway concepts
- Knowledge of retail regulatory scope (PCI, SOX, etc.)
- Familiarity with OWASP Top 10 and/or SANS Top 25
- Familiarity with one or more of the following development languages: Java, Python, JavaScript/Node.js, GO, PHP
- Familiarity of Magecart style attacks and mitigations
Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law. Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit
Job tags
Salary
