Sr Engineer, Information Security - Oauth_IAM

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2023 sales of more than $86 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Bengaluru, Lowe’s India develops innovative technology products and solutions and delivers business capabilities to provide the best omnichannel experience for Lowe’s customers. Lowe’s India employs over 4,200 associates across technology, analytics, merchandising, supply chain, marketing, finance and accounting, product management and shared services. Lowe’s India actively supports the communities it serves through programs focused on skill-building, sustainability and safe homes. For more information, visit, www.lowes.co.in.

Job Summary
"The primary purpose of this role is to support the design, implementation and ongoing operation of information security tools and services. This includes leading the process of translating business and technical requirements into robust enterprise security software solutions that ensure information assets are adequately protected with acceptable levels of control. This also includes monitoring, testing, and evaluating security assessments of systems and taking steps to design and implement remediation solutions. 

Key Responsibilities

• Primary purpose of this role is to lead the design, implementation, and ongoing operations of information security tools and services in the Identity and Access Management (IAM) space, specifically around authentication and authorization
• Responsible for enterprise level support, standards, and best practices for identity access management (IAM) and IAM related services related to access management (Identity Providers, Enterprise Directories, etc.)
• Able to understand, translate, and implement auth services in accordance with standards (i.e. OAuth, OIDC, SAML 2.0, etc.)
• Leads the implementation and maintenance of assigned information security solutions to ensure successful deployment and operation; develops and documents detailed standards (e.g., guidelines, processes, procedures)
• Provides mentoring and guidance to more junior level engineers; may provide feedback and direction on specific engineering tasks
• Assists the Information Security team in monitoring security systems, reviewing logs, and managing information security systems
• Collaborates with other technology teams including core Engineering to design and implement solutions
• Remains aware of technological trends and developments in the area of information security
• Participates in continuing education and learning, not only pertaining to the software and solutions assigned, but also to security and risk management standards and best practices
• Solves difficult technical problems; solutions are testable, maintainable, and efficient
• Provides support in the event of escalated security issues for enterprise systems; helps diagnose, troubleshoot, and resolve issues
• Supports the implementation of hardware and software changes into environments to ensure security requirements are met
• Provides input into security breach response procedures; assists with security breach response activities
• Participates in break/fix activities
• Analyzes the output of industry standard cybersecurity tools and helps identify remediations to reduce risk and exposure of applications
• Completes basic custom enhancements of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities
• Evaluates entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities
• Monitors and analyzes the current state of platforms to assure performance is within pre-determined thresholds.
• Collaborates with vendors and other teams in matters of products, troubleshooting, maintenance and documentation.
• Possess working knowledge of JSON, REST and API integrations and security

Required Qualifications
Bachelors Degree in Computer Science, CIS, Engineering, Cybersecurity, or related field (or equivalent work experience in a related field)
5 Years in experience in technology system support, software development or a related field
2 Years in experience with information security applications and systems

Preferred Qualifications
Masters Degree in Computer Science, CIS, Business Administration, or related field
4 Years experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
1 Year DevOps experience
3 Years of experience evaluating entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities
3 Years of experience in the custom enhancement or development of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities
Relevant information security certifications (e.g., CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen)
Advanced understanding of information security practices and policies
5 Years IT experience developing and implementing business systems within an organization
5 Years of experience working with defect or incident tracking software
5 Years of experience writing technical documentation in a software development environment
3 Years of experience working with an IT Infrastructure Library (ITIL) framework
3 Years of experience leading teams, with or without direct reports
5 Years experience working with source code control systems
Experience working with Continuous Integration/ Continuous Deployment tools
5 Years of experience in systems analysis, including defining technical requirements and performing

Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.