Lowe's logo
Lowe's/Curated role

Sr Analyst, Information Security

Lowe's Charlotte Technology Hub 3505, 3 locationsFull-timePosted 15 days ago0 applicants
On-siteInformation Security OperationsFrom $28,117
Accepting applications
From $28,117/ year
Type
Full-time
Mode
On-site
Level
Open

About the role

Job Description

  • Summary   The Offensive Security Team is seeking a highly skilled Red Team Operator to help plan and execute authorized, threat-informed offensive security operations across Lowe’s enterprise, cloud, identity, endpoint, and retail technology environments. This role will focus on realistic adversary emulation, initial access, C2 infrastructure, operational security, endpoint telemetry, evasion research, Active Directory, cloud identity, and offensive tooling. The ideal candidate is a disciplined offensive security professional who can safely emulate modern adversary behavior, identify meaningful attack paths, and translate findings into actionable improvements for detection engineering, security operations, incident response, infrastructure, cloud, and identity teams. This role requires strong technical depth, sound judgment, clear communication, and the ability to operate ethically and professionally in sensitive environments. This position will play a key role in strengthening Lowe’s ability to prevent, detect, respond to, and recover from advanced cyber threats while helping improve the company’s overall security posture through red team operations, purple team collaboration, control validation, and executive-ready reporting.   Key Responsibilities Plan, scope, and execute authorized red team and adversary emulation operations across enterprise, cloud, identity, endpoint, application, and retail technology environments. Conduct realistic initial-access scenarios aligned to approved rules of engagement, including external attack surface testing, phishing simulation, identity abuse, public-facing application exploitation, SaaS/cloud footholds, and other authorized access paths.
  • Design, deploy, operate, and safely decommission C2 infrastructure used during approved red team operations. Maintain strong operational security practices across tooling, infrastructure, logging exposure, operator behavior, payload safety, engagement deconfliction, and post-operation cleanup.
  • Develop, modify, test, and review offensive tooling, payloads, automation, and tradecraft in controlled and authorized environments. Conduct endpoint telemetry and evasion research to understand how security controls detect, block, or miss adversary behavior.
  • Identify and validate attack paths involving Active Directory, ADCS, Kerberos, privileged access, trust relationships, Microsoft Entra ID, cloud IAM, SaaS platforms, and endpoint controls.
  • Partner with Detection Engineering, SOC, Threat Hunting, and Incident Response teams to improve visibility, alerting, response playbooks, and control effectiveness.
  • Translate red team findings into clear technical reports, executive summaries, attack narratives, detection gaps, and prioritized remediation recommendations. Map adversary behaviors, findings, and emulation plans to common frameworks such as MITRE ATT&CK.
  • Support purple team exercises that validate detection logic, response workflows, and defensive control improvements. Stay current on adversary tradecraft, offensive security research, cloud and identity attack paths, endpoint security capabilities, and emerging defensive technologies.
  • Mentor other offensive security team members and contribute to the development of repeatable methodologies, lab environments, tooling standards, and operational processes.

Required Qualifications

Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field) 4 years of experience in information security Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).

Preferred Qualifications

  • 6+ years of hands-on offensive security experience, including at least 4+ years conducting full-scope red team or adversary emulation operations in enterprise environments. Equivalent demonstrated capability may substitute for strict year requirements. Demonstrated experience planning and executing authorized initial-access operations across one or more of the following: phishing simulation, external attack surface exploitation, public-facing application exploitation, identity abuse, SaaS/cloud footholds, or trusted third-party/supply-chain-style scenarios.
  • Strong understanding of OPSEC for red team operations, including infrastructure separation, engagement deconfliction, logging discipline, payload safety, operator attribution control, burn procedures, and clear rules of engagement. Advanced experience with C2 infrastructure design and operations, including staging, redirector concepts, operator workflows, infrastructure lifecycle management, detection exposure reduction, and post-engagement teardown.
  • Hands-on experience with endpoint security telemetry and evasion research in authorized lab or enterprise testing environments, including the ability to reason about EDR/AV behavior, security logs, SIEM visibility, and detection opportunities without relying only on public tools. Technical ability to develop, modify, or review offensive tooling using at least one scripting language such as Python or PowerShell and at least one systems or compiled language such as C, C++, C#, Go, or Rust.
  • Experience with payload, implant, or agent development in authorized environments, including safe execution controls, error handling, logging awareness, operator control, and post-operation cleanup. Deep understanding of Windows enterprise attack paths, including Active Directory, Kerberos, ADCS, delegation, trusts, privileged access, endpoint hardening, and identity-based lateral movement. Working knowledge of cloud and SaaS attack paths, especially Microsoft Entra ID/Azure, Google Cloud, Google Workspace, OAuth/application consent, IAM misconfiguration, service accounts, and cloud logging. Ability to map operations to MITRE ATT&CK and produce actionable outputs for blue teams, including detection gaps, control weaknesses, attack-path narratives, and remediation recommendations. MITRE specifically describes ATT&CK as a common language and framework for red teams to emulate specific threats and plan operations.·  Excellent written and verbal communication skills, with the ability to brief technical operators, SOC analysts, engineering teams, and leadership About Lowe’s Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 100 home improvement company with total fiscal 2025 sales of more than $86 billion. Lowe’s employs approximately 300,000 associates and operates over 1,750 home improvement stores, 540 branches and 120 distribution centers. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts and providing disaster relief to communities in need. For more information, visit  Lowes.com .   Lowe’s is an

equal opportunity

employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.

Skills mentioned

red team operations
adversary emulation
c2 infrastructure
active directory
cloud security
endpoint security
phishing simulation
security operations

Benefits and perks

you need to work and live.
We offer paid time off for vacation, holidays, sick leave, and volunteer time. Depending on the position and tenure, most full-time associates start with around 10-15 days of combined time off.
Financial Well-Being
Paid Parental Leave
All ​​​​​full-time salaried or hourly associates receive up to 10 weeks of paid maternity leave and 4 weeks of paid parental leave, plus access to dependent care resources, including adoption assistance.
Comprehensive Insurance
Ready to apply?

Take the next step.
It takes 90 seconds.

Applications are reviewed directly by the Lowe's hiring team. You will be redirected to their careers page.

0applicants so far
Full-timerole type
On-sitework mode

You can return to this role from saved jobs any time.