Engineer, Information Security at Lowe's

Innovate in Bengaluru

This position is based at our on-site office in Bengaluru. Lowe's offers an ultramodern work environment, complete with cutting-edge technology, collaborative workspaces, an on-site gym and clinic, and other perks to enhance your work experience.

About Lowe’s

Lowe’s is a FORTUNE® 100 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts and providing disaster relief to communities in need. For more information, visit Lowes.com

Lowe’s India, the Global Capability Center of Lowe’s Companies Inc., is a hub for driving our technology, business, analytics, and shared services strategy. Based in Bengaluru with over 4,500 associates, it powers innovations across omnichannel retail, AI/ML, enterprise architecture, supply chain, and customer experience. From supporting and launching homegrown solutions to fostering innovation through its Catalyze platform, Lowe’s India plays a pivotal role in transforming home improvement retail while upholding strong commitment to social impact and sustainability. For more information, visit Lowes India

About the Team:

The Digital Application Security team provides services focused on protecting Lowe’s Digital assets. The team manages the WAF/Bot Attack Mitigation and Malicious Script Defense services in the Digital Application Security portfolio as well as participates in efforts to reduce Digital fraud for the organization. The team works closely with partners across the organization to implement proactive security measures as well as respond to various types of attacks across the Digital platforms.

I.

Job Summary:

The primary purpose of this role is to provide Digital Security Services for e Commerce, Digital, and API platforms. This includes providing support for security services and engineering efforts pertaining to Web Application Firewall (WAF), Bot mitigation, and malicious script mitigation techniques. To be successful, the individual in this role must be versed in cybersecurity concepts and possess the ability to execute on complex security engineering solutions. This role requires the ability to collaborate closely with other departments to ensure the company’s platform is secure and in compliance with industry standards.

II.

Roles & Responsibilities:

Core Responsibilities:

• Serve as a Hands-on subject matter expert for Web Application Firewall (WAF), BOT mitigation, and script

mitigation tooling

• Provide analysis for WAF/BOT mitigation designs and implementation plans · Research website and API traffic telemetry and determine appropriate WAF/BOT mitigation

• Analyse WAF/BOT attack traffic to assess security risk, derive severity, and set mitigation priority

• Participate in planning efforts and implement incremental WAF/BOT threat identification and mitigation improvements

• Analyse script alerting to assess security risk, derive severity, and set mitigation priority

• Participate in SOC and threat intelligence tasks providing security consulting

• Participate in and execute technical evaluations of pertinent new security technologies addressing emerging threats and industry trends

• Participate in modelling potential Digital Application security threats and mitigations

• Facilitate, deliver and support integration engineering efforts for Digital in-house, COTS and SaaS security solutions

• Deliver and resolve complex engineering problems spanning multiple applications to drive overall improvements in security across systems and applications · Assist the Information Security team in monitoring and managing security systems and reviewing logs

• Respond to escalated security engineering issues for enterprise systems, facilitate and troubleshoot when necessary

• Serve a security engineering resource for project teams throughout the implementation and maintenance of assigned information security solutions, contribute to the definition and governance of security documentation (e.g. guidelines, processes, procedure)

• Flexible to work in shift (Morning/Afternoon)

III.

Years of Experience:

• Overall 3 years of experience in IT, Software engineering or relative field.
• 2-3 years Information Security experience (or combination of Information Security and Application Development)

IV. Education Qualification & Certifications (optional)

Required Minimum Qualifications:

• Bachelors Degree in Computer Science, CIS, Engineering, Cybersecurity, or related field (or equivalent work experience in a related field) · Relevant information security certifications (e.g. CEH, GPen)

V.

Skill Set Required:

Primary Skills (must have)

• Information Technology experience in the retail industry

• Knowledge of information security practices and policies

• Knowledge of IT Infrastructure Library (ITIL) framework

• Knowledge of WAF and BOT concepts and solutions

• Experience in delivering security product deployments, integrations, and operational efforts

Secondary Skills (desired)

• Knowledge of browser security headers (e.g. CSP, HSTS, etc.)

• Knowledge of API security gateway concepts

• Experience facilitating vendor security product requests for engineering requirements, enhancements,

maintenance, and configuration

• Familiarity with OWASP Top 10 and/or SANS Top 25

• Familiarity with retail regulatory scope (PCI, SOX, etc.)

• Familiarity of Magecart style attacks and mitigations

Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.