Lead Analyst, Information Security (Incident Response Team)

Lowe's Companies
Lowe's Charlotte Technology Hub
Full-time

Your Impact

The primary purpose of this role is to support the implementation and ongoing delivery of the security incident processes.

This includes responsibility for executing and improving processes and procedures with occasional guidance from senior-level security associates.

This role manages and coordinates all activities in relation to the security and risk incident processes while ensuring that SLAs and OLAs are being met.

The individual in this role continues to grow their understanding across the various tools and processes supported by the teams, including the key integration points with other parts of Technology and Business.

The individual in this role will need to support and work with all areas within the Information Security Group to ensure risk information is gathered in a timely manner.

The individual will often work with partner technology and business teams within the organization to ensure effective resolution to any security or risk incidents.

This role addresses complex and interdependent issues that span technologies, business units, and services and drives continuous enhancement to tools and processes.

What You Will Do

  • Supports the implementation of new processes and procedures as identified by the IRT (Incident Response Team) and the ISG Leadership to ensure the continuous improvement of communication, incident tracking, and mitigation / remediation capabilities.
  • Supports triage of information security service requests from customers and internal teams, routing to the appropriate team(s) as needed and following up with requestor on status until completion. Teams include but are not limited to ISG, IT, Legal, Human Resources, Public Relations, Corporate Communications, Social Media, or Asset Protection.
  • Possesses sufficient communication skills to interface with various groups and levels of leadership, including the Executive Leadership Team, to include written reporting of varied depth on short deadlines, with minimal supervision, at a technical level of detail appropriate to the audience. Multiple communication channels, such as email, collaboration suites, and / or in-person meetings, may be used.
  • Excellent writing skills and experience with developing and maintaining communications plans.
  • Supports escalation of cyber security events according to Lowe’s Incident Response Plan.
  • Supports the documentation of incident analysis and writes comprehensive reports of security incident investigations, as needed.
  • Collaborates with technical and business teams to identify, resolve, and mitigate information security incidents, to include major threat and vulnerability management events such as Log4j.
  • Maintains an awareness of information security news and trends.
  • Establish and report relevant metrics and Key Performance Indicators (KPIs) to communicate status and demonstrate progress of program performance.
  • Cultivate relationships with cross-functional teams and partners to improve the quality of security incident response management throughout the organization.
  • Continuously identify, assess, measure, and monitor program value and iterate to increase effectiveness.
  • Leads debrief sessions to understand how to improve processes and services.
  • Oversees the teams’ activities, develops resource estimates, and holds teams accountable for meeting established performance indicators.
  • Leads and coordinates root cause analysis efforts for in-scope incidents.
  • Ensures team members execute standard operating procedures.
  • Delivers consistent and accurate system and / or process status reporting.
  • Serves as an escalation point for complex or unresolved issues.
  • Share important updates from senior management with associates.
  • Monitors resolution of issues to achieve closure; follows up and provides status updates to management.
  • Ensures the team follows procedures for incident escalation.
  • Identifies opportunities to improve the efficiency and effectiveness of incident management procedures.
  • Monitors and supports decisions regarding high-priority events, coordinating resources as appropriate.
  • Performs or supports risk analyses of high-impact system changes related to ISG Risk Reviews or the Clear and Present Danger process; manages and adjusts remediation schedules as needed.
  • Assists in the development of guidelines to prevent and / or resolve recurring problems.
  • Serves as the primary contact for resolution of systems issues and meets customer service standards by displaying a positive attitude, listening actively, taking ownership, leveraging knowledge, and communicating clearly.
  • Oversees the tracking and documentation of high-impact issues by ensuring details of problems, status of service requests, and resolutions are entered into the designated tracking system.

Required Qualifications:

  • Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field).
  • 6 years of experience in information security.
  • Advanced understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).

Preferred Qualifications:

  • IT experience in the retail industry
  • Relevant information security certifications (CISSP, CISM, CEH, CRISC, CISA, OSCP, GPEN)
  • Intermediate understanding of incident response activities: detecting, analyzing, and responding to various types of malicious activity
  • Intermediate knowledge of SOC runbooks, SOPs, and knowledge management functions
  • Intermediate knowledge of threat intelligence, threat hunting, attack surface management, and investigations support functions
  • Previous experience working in an Incident Management role.
  • Demonstrated understanding of internal security controls, risk assessment, and identifying opportunities for improvement
  • Intermediate knowledge of vulnerability management (OS, application, custom code, configuration, etc.) and associated risks
  • Knowledge of attack vectors, threat actors, and mitigation techniques (specific to a Security Threat & Vulnerability role)
  • Experience with process management methodologies such as Six Sigma or ITIL Delivery methodologies (Agile, Scrum, SAFe)

Where You’ll Be

  • Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.
  • Lowe’s supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub.
  • Most business meetings are planned around the Eastern time zone.

About Us

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE 50 home improvement company serving approximately 16 million customer transactions a week in the United States.

With total fiscal year 2023 sales of more than $86 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates.

Based in Mooresville, , Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts.

For more information, visit

Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
