Your Impact
As a Principal Security Engineer focused on Identity and Access Management (IAM), you will be the strategic and technical leader shaping the enterprise’s identity and access ecosystem. Your work will enable secure, seamless, and scalable user experiences across the organization, ensuring that the right individuals can access the right resources at the right time. You will help architect and modernize the IAM infrastructure to support a dynamic workforce, cloud-native platforms, and a Zero Trust strategy. This includes shaping the enterprise strategy around identity governance, privileged access management (PAM), authentication, federation, and directory services.
What You Will Do
- Serve as a technical visionary and advocate for security, designing scalable, repeatable, and dependable security services and educating stakeholders across the enterprise.
- Work closely with senior leaders to influence security strategy and align technical execution with business objectives. Translate senior security leadership's strategic vision into actionable technical roadmaps and execution plans.
- Ensure that security services integrate seamlessly with business operations and provide minimal disruption to associates and customers.
- Lead the end-to-end technical execution of security solutions, ensuring long-term sustainability and scalability. Develop and advocate for security solutions that enhance, rather than hinder, the user experience for associates, providers, and customers.
- Develop frameworks, automation, efficiency improvements, and tooling to enhance security capabilities without introducing unnecessary complexities or operational bottlenecks.
- Partner with security architecture teams to ensure alignment between security patterns, technical execution, and enterprise protection strategies.
- Consult with governance, risk, and compliance to ensure security services meet regulatory and compliance requirements.
- Contribute to the development of security policies, standards, and procedures that guide security engineering best practices.
- Identify and implement security controls that balance compliance needs with operational efficiency.
- Work closely with the technology operations team to ensure security solutions are easily maintainable, resilient, and scalable.
- Act as a mentor and coach for engineers to upskill teams and foster a culture of continuous learning. Provide technical guidance and leadership to engineering teams to develop next-generation security solutions.
- Drive engineering excellence by promoting best practices, conducting peer reviews, and fostering a culture of technical rigor.
- Lead cross-functional collaboration with security, IT, and product teams to integrate security seamlessly into the development lifecycle.
- Stay ahead of emerging security trends, identifying opportunities to enhance the organization's security posture through innovation.
- Lead the design, implementation, and optimization of enterprise-scale IAM solutions, including Identity Governance & Administration (IGA), authentication/authorization services, federation, and directory services.
- Serve as the subject matter expert and escalation point for complex IAM challenges involving cross-domain identity integration, cloud and hybrid infrastructure, and SaaS environments.
- Define and guide adoption of best practices in identity lifecycle management, role-based access control (RBAC), and attribute-based access control (ABAC).
- Engineer scalable authentication and authorization patterns supporting OAuth2, OIDC, SAML, and passwordless access models.
- Collaborate with application teams to ensure identity integration is seamless, secure, and aligned to least-privilege principles.
- Lead modernization efforts of legacy identity infrastructure, helping the organization move toward cloud-native and Zero Trust-aligned identity services.
- Partner with governance and compliance teams to ensure IAM solutions meet regulatory requirements such as SOX, HIPAA, PCI-DSS, and internal audit needs.
- Drive adoption of enterprise-wide Privileged Access Management (PAM) practices across infrastructure, applications, and DevOps environments.
- Contribute to and enforce IAM-related security policies, standards, and architectural patterns that balance usability with risk reduction.
- Support incident response efforts with expertise in IAM technologies, log correlation, and access review analysis.
- Individual Contributor
Minimum Qualifications
- Bachelor's Degree in computer science, computer information systems, engineering, business administration, cybersecurity, or related field, or equivalent work or military experience in a related field in lieu of a degree.
- 10 years of experience in information security
- 8 years of experience with information security applications and systems
- 8 years of experience evaluating complex applications and hosting environments to identify potential weaknesses and provide remediation plans to reduce risk
- 8 years of experience designing complex applications and infrastructure systems
Preferred Skills/Education
- IT experience in the retail industry
- CISSP - Certified Information Systems Security Professional
- CISM - Certified Information Security Manager
- CRISC (Certified in Risk and Information Systems Control)
- Certified Information Systems Auditor (CISA)
- Deep expertise with IAM platforms such as SailPoint, Okta, Ping Identity, Microsoft Entra ID (formerly Azure AD), or ForgeRock.
- Experience designing and integrating federated identity solutions using SAML, OAuth, and OIDC across enterprise and partner ecosystems.
- Strong understanding of directory services, including Microsoft Active Directory, LDAP, and directory synchronization methodologies.
- Demonstrated experience implementing and operating IGA platforms (e.g., SailPoint IdentityNow/IIQ, Saviynt).
- Hands-on experience implementing and managing PAM solutions (e.g., CyberArk, BeyondTrust, Delinea).
- Familiarity with cloud-native IAM services in AWS, Azure, or GCP.
- Experience conducting identity risk assessments, access reviews, and entitlement clean-up initiatives.
- Relevant certifications such as Certified Identity and Access Manager (CIAM), Identity Governance Expert (SailPoint), Okta Certified Professional/Consultant, Azure Identity and Access Administrator Associate, or GIAC Defensible Identity and Access Management (GD IAM).
About Lowe’s
Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts, and providing disaster relief to communities in need. For more information, visit Lowes.com.
Pay Range: $142,400.00 - $270,600.00 annually
Starting rate of pay may vary based on factors including, but not limited to, position offered, location, education, training, and/or experience. For information regarding our benefit programs and eligibility, please visit our benefits page.
Lowe's hourly remote associates cannot reside in Alaska, California or Hawaii. Lowe's salaried remote associates cannot reside in Alaska or Hawaii.
Lowe’s is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable laws, including the Los Angeles County Fair Chance Ordinance for Employers, the Los Angeles Fair Chance Ordinance, the San Francisco Fair Chance Ordinance, and the California Fair Chance Act.
Lowe’s believes that conviction records may have a direct, adverse, and negative relationship to the following job duties: accessing company property, assets, information and products; partnering, supervising, and regularly working with other Lowe’s employees; and adhering to and monitoring compliance and safety guidelines.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.