Lowe's Companies, Inc. · 2 hours ago
Sr Analyst, Information Security - (Offensive Security)
Mooresville, NC
Full-time
Hybrid
Mid, Senior Level
$95K/yr - $181K/yr
4+ years expLowe's Companies, Inc. is a leading home improvement company based in Mooresville, North Carolina. The Senior Analyst of Offensive Security will lead the implementation and delivery of information security tools, conduct penetration tests, and collaborate with teams to analyze security vulnerabilities and provide recommendations.
HardwareHome RenovationManufacturing
Responsibilities
Analyze data to detect trends, determine metrics, assess adherence to processes, and make recommendations. And present results to information security and business leaders and/or vendors
Serve as an escalation point and mentor for junior staff
Maintain an awareness of information security news and trends and research current technologies to assist in the development of new capabilities
Consolidate security-related findings, track OKRs, and present results to information security and business leaders and/or vendors
Translate and document business needs into technical requirements and solutions
Advise users and team members on the execution of processes, interpret standards and regulations, and assist with solutions
Design, develop, and maintain custom offensive tooling, including loaders, droppers, malware implants, in-memory execution frameworks, and covert initial access payloads across Windows, Linux, macOS, and cloud-native platforms
Engineer advanced evasion techniques in code, such as syscall stealth, ntdll unhooking, memory laundering, behavioral model evasion, encrypted tasking channels, and dynamic API resolution to defeat modern AI-driven EDR/EDX systems
Plan and execute full-scope red team and adversary emulation engagements, targeting on-prem, cloud, and hybrid environments while maintaining strong operational security and stealth
Reverse engineer defensive mechanisms and modify offensive code to adapt to new detection models, platform protections, and telemetry changes—ensuring tooling remains effective across diverse modern environments
Create reusable internal offensive libraries, including process injection modules, PE/ELF parsing routines, shellcode loaders, encryption wrappers, and cloud identity attack primitives
Prototype, test, and validate new malware techniques in isolated research environments; document behaviors, measure detection surfaces, and integrate promising approaches into operational tooling
Manage and maintain resilient C2 infrastructures—including redirectors, covert channels, and multi-transport communication layers—to emulate sophisticated APT frameworks and tradecraft
Develop, enhance, and standardize offensive testing methodologies, ensuring alignment with current threat landscapes, evolving attacker TTPs, and industry-leading best practices (MITRE ATT&CK, NIST, etc.)
Analyze engagement results and produce clear, actionable reporting, effectively communicating technical findings, attack paths, and remediation recommendations to both technical stakeholders and executive leadership
Promote a culture of collaboration, knowledge sharing, and continuous skill development within the offensive security team
Continuously research emerging threats, attack vectors, and defensive advancements, integrating relevant discoveries into future red team operations and tooling
Support improvements to security posture by contributing insights to security policy updates, defensive control enhancements, and incident response strategies based on observed weaknesses and real-world attack patterns
Qualification
Required
Bachelor's degree in computer science, computer information systems, engineering, business administration, cybersecurity, or related field, or equivalent years of experience in lieu of education requirement, if applicable
4 years of experience in information security
2–4 years of experience developing malware techniques and designing preventative measures
Preferred
IT experience in the retail industry
Hands-on experience on GRC applications & TPRM tools (e.g., Archer, LogicGate, SAP GRC, OneTrust, ProcessUnity, ServiceNow, BitSight, Prevalent, Black Kite, etc.)
Experience with vulnerability identification & penetration testing tools
Experience with vulnerability management in public/hybrid cloud environments
Experience with IAM technology implementation and operations (e.g., CA, SailPoint, OKTA, SSO, MFA, IGA, Microsoft AD) (specific to IAM role)
Experience developing cybersecurity or information assurance policies, standards, awareness training, or equivalent issuances (specific to Security GRC role)
Payment Card Industry Internal Security Assessor (PCI ISA)
Certified in Risk and Information Systems Control (CRISC)
Offensive Security Certified Professional (OSCP)
GIAC Penetration Tester Certification (GPEN)
Practical Network Penetration Tester (PNPT)
eLearnSecurity Certified Professional Penetration Tester (eCPPT)
Certified Third-Party Risk Professional (CTPRP)
Certified Third Party Risk Assessor (CTPRA)
CompTIA PenTest+ Certification
Or other relevant information security certifications
Benefits
For information regarding our benefit programs and eligibility, please visit https://talent.lowes.com/us/en/benefits.
Company
Lowe's Companies, Inc.
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 20 million customers a week in the United States.
10001+ employees
H1B Sponsorship
Lowe's Companies, Inc. has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (389)
2024 (310)
2023 (388)
2022 (357)
2021 (242)
2020 (394)
Funding
Current Stage
Public CompanyTotal Funding
$22B2025-09-30Post Ipo Debt· $5B
2025-08-20Post Ipo Debt· $9B
2023-03-28Post Ipo Debt· $3B
Leadership Team
Jennifer Wilson
SVP, Chief Marketing Officer
K
Kathy Higgins
VP IT Business Management
Recent News
iphoneincanada.ca
2026-01-12
2026-01-07
Company data provided by crunchbase