Security Analyst II, Penetration Tester

Lowe's Inc. - Mooresville, NC3.7

Full-timeEstimated: $87,000 - $120,000 a year
Save
EducationSkills
PURPOSE OF ROLE

The Security Analyst II, Penetration Tester is primarily responsible for supporting the Manager of Information Security and Lead Information Security Analysts in assessing and identifying risks by performing internal and external penetration tests using commercial, proprietary and open-source tools to identify vulnerabilities and exposure within Lowe’s systems and applications. The Security Analyst II, Penetration Tester is comfortable interfacing at senior management levels within the organization and participating in project meetings.

To accomplish this, the Information Security Analyst II, Penetration Tester must have adequate knowledge of fundamental security policies, strong analytical skills, and the ability to manage security initiatives, including the penetration testing process.The Security Analyst II, Penetration Tester works closely with the Security Manager and Lead Information Security Analysts to coordinate risk assessments, document risk findings, research security issues for Lead Security Analyst, perform validation checks, and document security assessment initiatives.

RESPONSIBILITY STATEMENTS
Conduct internal and external Penetration Tests and Red Team assessments using proprietary and open-source tools to identify vulnerabilities and exposure within Lowe’s systems and applications
Assist in developing methodologies for continuous enhancements to red teaming methods and processes
Document and facilitate report out to various levels of Business, and Technical team will analyze guiding with prioritizing risk and track vulnerability resolution
Perform Hands-On Penetration Tests and Red Team assessments of Lowe’s enterprise and its infrastructure
Perform network penetration, web and mobile application testing, source code reviews
Develop, research, and maintain proficiency in tools, techniques, countermeasures, and vulnerabilities trends ranging from data compromise/destruction, covert communications, encryption attacks and more
Provide written, and verbal descriptions of the security defects identified, articulate risk and impact providing feedback on offensive and defensive cyber operations
Prescribe cybersecurity best practices techniques to address weaknesses in cyber assets and combat sophisticated threats against those assets

REQUIRED EDUCATION/ EXPERIENCE
Bachelor’s Degree in Computer Science or related field or 2 years of experience in Information Security role
2+ years of experience as a Security Analyst or in Technology Integration
Demonstrated ability to work in a team environment
Strong organizational, analytical /problem-solving skills
Ability to prioritize and manage multiple tasks
Must have excellent interpersonal, verbal and writing skills
Update security documentation as required
Document assessment findings and manage risk assessment repository
Identify and communicate assessment findings to Information Security Manager
Ability to deal with both technical and non-technical personnel
Ability to act independently

PREFERRED EDUCATION/ EXPERIENCE
OSCP, CISSP, GWAPT, EWPT, GPEN or CEH certifications
1+ years of penetration testing experience
Retail business experience