Lead Data Security Engineer, Information Security

We are seeking a skilled Lead Data Security Engineer to spearhead the development and implementation of our enterprise-wide data security program.

This pivotal role will involve leading the discovery, design, and execution of comprehensive security strategies to safeguard our organization's sensitive data.

The ideal candidate will possess a strong technical background, hands-on experience in data security engineering, and a passion for staying ahead of emerging threats and technologies.

This role offers a unique opportunity to lead the development and implementation of a comprehensive data security program in a dynamic and collaborative environment.

If you are a passionate and experienced data security professional looking for a challenging role where you can make a significant impact, we encourage you to apply.

Responsibilities :

• Lead the discovery process to identify data security risks, vulnerabilities, and compliance requirements across the organization.
• Design and implement a robust data security program encompassing use case identification, customer-managed encryption keys (CMEK), and sensitive data protection mechanisms.
• Develop and implement data security policies, standards, and procedures in alignment with industry best practices and regulatory requirements.
• Collaborate with cross-functional teams to integrate data security controls into existing systems, applications, and workflows.
• Design and implement security monitoring and incident response mechanisms to detect, respond to, and mitigate data security incidents in a timely manner.
• Provide technical expertise and guidance to internal teams on data security best practices, encryption technologies, and secure development methodologies.
• Stay abreast of emerging threats, vulnerabilities, and technologies in the field of data security, and recommend proactive measures to mitigate risks and enhance security posture.
• Participate in vendor evaluations and selection processes to procure security tools, technologies, and services that support the data security program.
• Serve as a subject matter expert on data security matters, representing the organization in industry forums, conferences, and working groups.

Qualifications :

• Bachelor's degree in Computer Science, Information Security, or a related field; advanced degree preferred.
• Proven experience 7+ years in data security engineering, with a focus on designing and implementing enterprise-wide security programs.
• Strong understanding of data security principles, encryption technologies, and regulatory requirements (, GDPR, CCPA, HIPAA).
• Hands-on experience with data security tools and technologies, such as encryption, data loss prevention (DLP), hardware security modules, and managing a hybrid environment inclusive of public cloud, private cloud, and traditional on-prem.
• Proficiency in programming and scripting languages (, Python, Java, PowerShell) for automation and tool development.
• Excellent analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions.
• Strong communication skills, with the ability to convey technical concepts to non-technical stakeholders and influence decision-making at all levels of the organization.
• Relevant certifications (, CISSP, CISM, etc.) are a plus.

Required Qualifications :

• Bachelor's Degree in Computer Science, CIS, Engineering, Cybersecurity, or a related field (or equivalent work or military experience in a related field).
• 7 Years of experience in technology system support, software development, or a related field
• 5 Years of experience with information security applications and systems
• 4 years of experience evaluating complex application and hosting environments to identify potential weaknesses and provide remediation plans to reduce risk.
• 5 Years of experience designing complex application and infrastructure systems.

Preferred Qualifications :

• Masters Degree in Computer Science, CIS, Business Administration, or related field
• 6 years of experience working on project(s) involving the implementation of solutions applying development life cycles (SDLC)
• 3 Years of DevOps experience
• 1 Year of experience with Cloud technologies
• 4 Years of experience designing application pipelines with secure configuration parameters to remove or reduce known threat vectors.
• 5 Years of experience working with diverse application and infrastructure environments to identify and provide technical guidance on threat reduction at both the application and supporting infrastructure layer.
• Relevant information security certifications (, CISSP, CISM, CEH, PCI ISA, CRISC, CISA, OSCP, GPen).
• Advanced understanding of information security practices and policies.
• 6 Years of IT experience developing and implementing business systems within an organization.
• 6 Years of experience working with defect or incident tracking software.
• 6 Years of experience writing technical documentation in a software development environment.
• 4 Years of experience working with an IT Infrastructure Library (ITIL) framework.
• 4 Years of experience leading teams, with or without direct reports.
• 6 Years of experience working with source code control systems.
• Experience working with Continuous Integration / Continuous Deployment tools.

About Lowe’s

Lowe’s Companies, Inc. (NYSE : LOW) is a FORTUNE 50 home improvement company serving approximately 16 million customer transactions a week in the United States.

With the total fiscal year 2023 sales of more than $86 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates.

Based in Mooresville, , Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts.

For more information, visit .

Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.