Sr Analyst, Information Security Offensive Security

Sr Analyst, Information Security - (Offensive Security)

Join to apply for the Sr Analyst, Information Security - (Offensive Security) role at Lowe’s Companies, Inc.

This position is based at our headquarters in Mooresville, North Carolina. Our corporate office is a space where you can collaborate and do your best work. Take a walk, grab a bite (or a cup of coffee), work out, or get a check‑up – we invest in you so you can find your inspiration.

The primary purpose of this role is to lead the implementation and ongoing delivery of information security tools and processes. This includes responsibility for creating, executing, and improving processes and procedures with limited direct guidance from more senior‑level security associates. The role solves complex problems while creating and optimizing processes and often takes a lead role in implementing new services and technologies.

It requires a strong understanding of most tools and processes supported by the team, including many of the key integration points with other parts of technology, works mostly independently, and provides coaching and direction to more junior‑level associates.

As a Senior Analyst of Offensive Security, you will conduct advanced penetration tests and red team assessments across our applications, networks, and systems. You will collaborate with cross‑functional teams to analyze security vulnerabilities and provide actionable recommendations for remediation.

• Analyze data to detect trends, determine metrics, assess adherence to processes, and make recommendations. And present results to information security and business leaders and/or vendors.
• Serve as an escalation point and mentor for junior staff.
• Maintain an awareness of information security news and trends and research current technologies to assist in the development of new capabilities.
• Consolidate security‑related findings, track OKRs, and present results to information security and business leaders and/or vendors.
• Translate and document business needs into technical requirements and solutions.
• Advise users and team members on the execution of processes, interpret standards and regulations, and assist with solutions.
• Design, develop, and maintain custom offensive tooling, including loaders, droppers, malware implants, in‑memory execution frameworks, and covert initial access payloads across Windows, Linux, macOS, and cloud‑native platforms.
• Engineer advanced evasion techniques in code, such as syscall stealth, ntdll unhooking, memory laundering, behavioral model evasion, encrypted tasking channels, and dynamic API resolution to defeat modern AI‑driven EDR/EDX systems.
• Plan and execute full‑scope red team and adversary emulation engagements, targeting on‑prem, cloud, and hybrid environments while maintaining strong operational security and stealth.
• Reverse engineer defensive mechanisms and modify offensive code to adapt to new detection models, platform protections, and telemetry changes—ensuring tooling remains effective across diverse modern environments.
• Create reusable internal offensive libraries, including process injection modules, PE/ELF parsing routines, shellcode loaders, encryption wrappers, and cloud identity attack primitives.
• Prototype, test, and validate new malware techniques in isolated research environments; document behaviors, measure detection surfaces, and integrate promising approaches into operational tooling.
• Manage and maintain resilient C2 infrastructures—including redirectors, covert channels, and multi‑transport communication layers—to emulate sophisticated APT frameworks and tradecraft.
• Develop, enhance, and standardize offensive testing methodologies, ensuring alignment with current threat landscapes, evolving attacker TTPs, and industry‑leading best practices (MITRE ATT&CK, NIST, etc.).
• Analyze engagement results and produce clear, actionable reporting, effectively communicating technical findings, attack paths, and remediation recommendations to both technical stakeholders and executive leadership.
• Promote a culture of collaboration, knowledge sharing, and continuous skill development within…