Job Description Summary
The Offensive Security Team is seeking a highly skilled Red Team Operator to help plan and execute authorized, threat-informed offensive security operations across Lowe's enterprise, cloud, identity, endpoint, and retail technology environments. This role will focus on realistic adversary emulation, initial access, C2 infrastructure, operational security, endpoint telemetry, evasion research, Active Directory, cloud identity, and offensive tooling.
The ideal candidate is a disciplined offensive security professional who can safely emulate modern adversary behavior, identify meaningful attack paths, and translate findings into actionable improvements for detection engineering, security operations, incident response, infrastructure, cloud, and identity teams. This role requires strong technical depth, sound judgment, clear communication, and the ability to operate ethically and professionally in sensitive environments.
This position will play a key role in strengthening Lowe's ability to prevent, detect, respond to, and recover from advanced cyber threats while helping improve the company's overall security posture through red team operations, purple team collaboration, control validation, and executive-ready reporting.
Key Responsibilities
- Plan, scope, and execute authorized red team and adversary emulation operations across enterprise, cloud, identity, endpoint, application, and retail technology environments.
- Conduct realistic initial-access scenarios aligned to approved rules of engagement, including external attack surface testing, phishing simulation, identity abuse, public-facing application exploitation, SaaS/cloud footholds, and other authorized access paths.
- Design, deploy, operate, and safely decommission C2 infrastructure used during approved red team operations.
- Maintain strong operational security practices across tooling, infrastructure, logging exposure, operator behavior, payload safety, engagement deconfliction, and post-operation cleanup.
- Develop, modify, test, and review offensive tooling, payloads, automation, and tradecraft in controlled and authorized environments.
- Conduct endpoint telemetry and evasion research to understand how security controls detect, block, or miss adversary behavior.
- Identify and validate attack paths involving Active Directory, ADCS, Kerberos, privileged access, trust relationships, Microsoft Entra ID, cloud IAM, SaaS platforms, and endpoint controls.
- Partner with Detection Engineering, SOC, Threat Hunting, and Incident Response teams to improve visibility, alerting, response playbooks, and control effectiveness.
- Translate red team findings into clear technical reports, executive summaries, attack narratives, detection gaps, and prioritized remediation recommendations.
- Map adversary behaviors, findings, and emulation plans to common frameworks such as MITRE ATT&CK.
- Support purple team exercises that validate detection logic, response workflows, and defensive control improvements.
- Stay current on adversary tradecraft, offensive security research, cloud and identity attack paths, endpoint security capabilities, and emerging defensive technologies.
- Mentor other offensive security team members and contribute to the development of repeatable methodologies, lab environments, tooling standards, and operational processes.
Required Qualifications
- Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience in a related field)
- 4 years of experience in information security
- Intermediate understanding of fundamental security and network concepts (Windows and Unix security: OS lockdown; logging and monitoring; application security; user access; perimeter protection principles, network communication rules; intrusion detection and analysis methods; etc.).
Preferred Qualifications
- 6+ years of hands-on offensive security experience, including at least 4+ years conducting full-scope red team or adversary emulation operations in enterprise environments. Equivalent demonstrated capability may substitute for strict year requirements.
- Demonstrated experience planning and executing authorized initial-access operations across one or more of the following: phishing simulation, external attack surface exploitation, public-facing application exploitation, identity abuse, SaaS/cloud footholds, or trusted third-party/supply-chain-style scenarios.
- Strong understanding of OPSEC for red team operations, including infrastructure separation, engagement deconfliction, logging discipline, payload safety, operator attribution control, burn procedures, and clear rules of engagement.
- Advanced experience with C2 infrastructure design and operations, including staging, redirector concepts, operator workflows, infrastructure lifecycle management, detection exposure reduction, and post-engagement teardown.
- Hands-on experience with endpoint security telemetry and evasion research in authorized lab or enterprise testing environments, including the ability to reason about EDR/AV behavior, security logs, SIEM visibility, and detection opportunities without relying only on public tools.
- Technical ability to develop, modify, or review offensive tooling using at least one scripting language such as Python or PowerShell and at least one systems or compiled language such as C, C++, C#, Go, or Rust.
- Experience with payload, implant, or agent development in authorized environments, including safe execution controls, error handling, logging awareness, operator control, and post-operation cleanup.
- Deep understanding of Windows enterprise attack paths, including Active Directory, Kerberos, ADCS, delegation, trusts, privileged access, endpoint hardening, and identity-based lateral movement.
- Working knowledge of cloud and SaaS attack paths, especially Microsoft Entra ID/Azure, Google Cloud, Google Workspace, OAuth/application consent, IAM misconfiguration, service accounts, and cloud logging.
- Ability to map operations to MITRE ATT&CK and produce actionable outputs for blue teams, including detection gaps, control weaknesses, attack-path narratives, and remediation recommendations. MITRE specifically describes ATT&CK as a common language and framework for red teams to emulate specific threats and plan operations.
- Excellent written and verbal communication skills, with the ability to brief technical operators, SOC analysts, engineering teams, and leadership.
About Lowe's
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 100 home improvement company with total fiscal 2025 sales of more than $86 billion. Lowe's employs approximately 300,000 associates and operates over 1,750 home improvement stores, 540 branches and 120 distribution centers. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts and providing disaster relief to communities in need. For more information, visit Lowes.com .
Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
Skills Required
- Bachelor's Degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work or military experience)
- 4 years of experience in information security
- Intermediate understanding of fundamental security and network concepts (Windows and Unix security; OS lockdown; logging and monitoring; application security; user access; perimeter protection; intrusion detection and analysis)
- 6+ years of hands-on offensive security experience, including at least 4+ years conducting full-scope red team or adversary emulation operations (preferred/equivalent demonstrated capability may substitute)
- Experience planning and executing authorized initial-access operations (phishing simulation, external attack surface exploitation, public-facing application exploitation, identity abuse, SaaS/cloud footholds, trusted third-party scenarios)
- Strong understanding of OPSEC for red team operations (infrastructure separation, engagement deconfliction, logging discipline, payload safety, operator attribution control, burn procedures, rules of engagement)
- Advanced experience with C2 infrastructure design and operations (staging, redirectors, operator workflows, lifecycle management, detection exposure reduction, teardown)
- Hands-on experience with endpoint security telemetry and evasion research, reasoning about EDR/AV behavior, security logs, and SIEM visibility
- Technical ability to develop, modify, or review offensive tooling using at least one scripting language such as Python or PowerShell and at least one systems/compiled language such as C, C++, C#, Go, or Rust
- Experience with payload, implant, or agent development in authorized environments, including safe execution controls and post-operation cleanup
- Deep understanding of Windows enterprise attack paths (Active Directory, Kerberos, ADCS, delegation, trusts, privileged access, endpoint hardening, lateral movement)
- Working knowledge of cloud and SaaS attack paths, especially Microsoft Entra ID/Azure, Google Cloud, Google Workspace, OAuth, IAM misconfiguration, service accounts, and cloud logging
- Ability to map operations to MITRE ATT&CK and produce actionable outputs for blue teams (detection gaps, attack narratives, remediation recommendations)
- Excellent written and verbal communication skills for briefing technical and executive audiences
Lowe's Compensation & Benefits Highlights
- Inclusive Benefits Coverage: Medical, dental, and vision plans are available to regular full-time and part-time associates, with mental-health/EAP resources included. Extending core health coverage to part-timers broadens access across the workforce.
- Retirement Support: A 401(k) with company match up to 4.25% when contributing 6% supports associate retirement savings. Availability spans regular full-time and part-time roles per company materials.
- Equity Value & Accessibility: An Employee Stock Purchase Plan with a 15% purchase discount provides accessible ownership for associates. This adds a meaningful equity component alongside core pay and savings benefits.
Lowe's Insights
What We Do
It's curious to think of innovation and stability co-existing. But we pair a 100-year track record of success with a hunger to do things differently. Everyone is in the work, tackling complex problems where your impact can build back or build up the communities we serve. We fill our halls with curious minds from all walks of life. Our differences make us stronger, which is why our leaders build cultures of recognition and inclusion. You are heard, and your curiosities are celebrated and championed here.
Why Work With Us
We have built a space where the curious can move freely. Up in title, up in skills, to the side with teams, or back to try something completely new. We help you find your path, because when you win, we all win.
Lowe's Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.