Sr Analyst, Information Security (Penetration Testing & Red Team Assessments)

Job Type: Full Time
Job Location: United States
Company Name: Lowe's Companies

About the job

Your Impact

As a Senior Analyst, Offensive Security, you will conduct advanced penetration tests and red team assessments across our applications, networks and systems. You will collaborate with cross-functional teams to analyze security vulnerabilities and provide actionable recommendations for remediation.

This role solves complex problems while creating and optimizing processes and often takes a lead role in implementing new services and technologies.

What You Will Do

  • Conduct red team assessments
  • Design, implement and maintain C2 infrastructure to simulate APTs
  • Develop and refine testing methodologies, ensuring they align with industry best practices
  • Analyze findings and present results and recommendations to both technical and non-technical audiences
  • Foster a culture of knowledge sharing and continuous improvement within the team
  • Be motivated to stay current on the latest attack vectors and security trends
  • Contribute to security policies and incident response plans based on assessment findings

Qualifications

Minimum Qualifications

  • Bachelor’s Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
  • 4 years of experience in information security
  • Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.)

Preferred Qualifications

  • 6+ years of experience in red teaming exercises
  • In-depth knowledge of network security, exploitation techniques, and an understanding of advanced persistent threats (APTs)
  • Technical knowledge or experience developing in Python or Perl, and in compiled languages such as C, C++, C#, or Java
  • Advanced experience with C2 infrastructure models, including setup and maintenance of C2 infrastructures, as well as OPSEC and EDR evasion techniques
  • Experience conducting ADCS assessments
  • Knowledge of attack vectors and mitigation techniques
  • Excellent analytical, problem-solving, and communication skills
  • Relevant information security certifications (e.g., OSCP, OSCE, GPEN, CRTP, CRTO)
  • IT experience in the retail industry
  • Technical knowledge of Microsoft and Google cloud platforms, to include knowledge of all feature sets applicable to security event detection and monitoring (specific to Security Operations Center role)
  • Previous experience working in a Security Operations Center (SOC) environment
  • Experience with malware analysis
  • Intermediate knowledge of threat intelligence, threat hunting, attack surface management and investigations support functions
  • Highly experienced in understanding the output from cybersecurity scanning technologies, including operating systems, custom code, web-based vulnerability analysis, third-party installed and hosted applications, cloud-hosted compute platforms, and microservices
  • Demonstrated understanding of internal security controls, with the ability to assess risks and identify opportunities for improvement
  • Highly experienced with information security concepts related to Threat and Vulnerability Management, system architecture and Internet technology
  • Expertise in vulnerabilities (OS, application, custom code, configuration, etc.) and associated risks
