Lowe's Info Security Analyst II - SOC Tier III Threat Intel Analyst in Mooresville, North Carolina

Job Description:

Job Summary:

The Information Security Analyst II, SOC Tier III Threat

Intel Analyst will serve as a dedicated Subject Matter Expert for the Security

Operations Center (SOC) cyber threat intelligence program, and will coordinate

threat intelligence efforts among the SOC analysts. In addition to ingesting

and processing intelligence, the analyst will be actively detecting and

assessing cyber security events and incidents across the Lowe’s environment.

The Analyst works among a team of skilled technicians to address complex or

difficult problems as needed within a 24x7 SOC environment. The Analyst also is

responsible for following processes and procedures as identified by SOC

Leadership to ensure the continuous improvement to monitoring, detection and

mitigation capabilities.

Note: This position works during core EST daytime hours on a

flexible schedule.

Essential Responsibilities:

• Monitors security incident and event management (SIEM) and

logging environments for security events and alerts to potential (or active)

threats, intrusions, and/or compromises

• Assists with triage of service requests from customers and

internal teams

• Escalates cyber security events according to Lowe’s

Incident Response Plan

• Assists with containment of threats and remediation of

environment during or after an incident

• Documents event analysis and writes comprehensive reports

of incident investigations

• Collaborates with technical teams to identify, resolve,

and mitigate events

• Acts as a participant during Cyber Hunt activities

• Acts as a Threat Intelligence Analyst researching,

analyzing, and applying cyber security threat intelligence

• Reviews all current threat intelligence feeds in use,

categorizes and prioritizes by relevancy

• Maintains and expands a domain name monitoring regimen

• Manages the R-CISC threat sharing process for Lowe’s, to

include sharing of Lowe’s information and ingestion/deduplication/processing of

R-CISC information and regular monitoring of and interaction with R-CISC resources

• Serves as lead on use of portal subscriptions provided by


• Initiates ad-hoc threat intelligence work parcel

assignments for Tier I/II analysts and reviews/expands the SOC daily recurring

activity SOP’s

• Supports Insider Threat program development, to include

monitoring external forums and correlating with internal forums and

operationalizing the data

• Develops log aggregation system alerts and searches across

instances, including allied businesses

• Furthers the development of a cyber threat intelligence

fusion center

• Develops products and reports that can be sent for

awareness to various groups and levels of leadership

• Develops a Threat Intelligence Framework

• Expands Data Loss Prevention efforts

• Supports deployment of Threat Intelligence Platform

• Advances dark web monitoring efforts

• Expands analysis and hunting efforts into allied


• Supports forensic efforts


Required Minimum Qualifications:

• Bachelor’s Degree in related field and 4 years of

experience in Information and Network Security or 6 years of IT experience to

include 2 years of Information and Network Security

• Strong technical, analytical, interpersonal, communication

and writing skills.

• Strong verbal and written communication skills with

ability to work in a team

• Basic understanding of fundamental security and network

concepts (Operating systems, intrusion/detection, TCP/IP, ports, etc.)

• Willing to work in a team-oriented 24/7 SOC environment;

flexibility to work on a rotating schedule (including occasional shift work)

Preferred Qualifications:

1) “Retail” experience in the Information Technology


2) One or more of the following certifications:

a. CompTIA Security b. GIAC Global Information Assurance Certification from SANS


c. Microsoft or Cisco Certifications

3) Previous experience working in a Security Operations

Center (SOC) environment

4) Experience with threat intelligence activities

About Lowe's

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving more than 17 million customers a week in the United States, Canada and Mexico. With fiscal year 2016 sales of $65.0 billion, Lowe’s and its related businesses operate or service more than 2,370 home improvement and hardware stores and employ over 290,000 people. Founded in 1946 and based in Mooresville, N.C., Lowe’s supports the communities it serves through programs that focus on K-12 public education and community improvement projects. For more information, visit Lowes.com.


Job ID: 1384221BR

Line of Business: Corporate

Job Category: Information Technology (IT)

Department: 0751 - IT Security - IAM

Employment Type I: Regular

Employment Type II: Full-Time

Location #: 1999

Location Name: CSC-Mooresville

City: Mooresville

State: NC

EEO Statement:

Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religion, sex, age, national origin, disability, sexual orientation, gender identity or expression, marital status, veteran status, genetics or any other category protected under applicable law.