Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks eighth in Forbes “World’s Best Employers”.
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
Security Engineers develop, design, implement, and integrate security systems used to safeguard enterprise assets against cyber-attack. Security Engineers drive innovation, influence delivery, and maximize performance. They deliver high quality artifacts, develop and run security tests, and continuously tune security tools for optimization. Security Engineers identify gaps and inefficiencies, and works with the business to implement solutions based on their requirements.
The role of every Cybersecurity Engineering team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical, and regulatory obligations; protecting members’ and employees’ privacy; and maintaining a security technology environment for our operations. The Cybersecurity Engineer provides consultative services; works with vendors for product consideration and recommendation; performs integration, monitoring, and auditing of information system activities; advises on matters related to policies, standards, and procedures; and mentors team members.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
● Provides security and technical expertise to support the development of security objects to satisfy business requirements.
● Analyzes and administers security policies to control physical and virtual system access.
● Identifies and investigates security issues and develops security solutions that address compliance requirements that can/ do impact security.
● Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance and support of the security standards and procedures.
● Assesses business role requirements, reviews authorization roles, and supports authorizations.
● Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users.
● Validates system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction.
● Implements best practice when applying knowledge of information systems security standards/practices (e.g. access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
● Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc.).
● Identifies security gaps that expose Costco to potential exploit and develop short- and long-term prioritized remediation to address those gaps.
● Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations.
● Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.
● Identifies and resolves problems, often anticipating issues before they occur or before they grow; develops and evaluates options; and implements solutions that support the business.
● Provides subject matter expertise in systems security policies, standards/practices, protocols, and technologies.
● Configures, deploys, maintains, and supports security tools.
● Protects confidentiality, integrity, and availability of information from being disclosed to unauthorized parties.
● Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps.
● Identifies opportunities for streamlining and increases effectiveness through continuous process improvement.
● Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.
● Develops and documents security events and incident handling procedures into Playbooks.
● Ensures that incident documentation is comprehensive, accurate, and complete.
● Triages, prioritizes, investigates, and coordinates security events and incident handling activities.
● Collaborates with business partners, project teams, and team members to build secure solutions that protects data and enables the business with tools and processes that make sense, and adapts to changing business needs, both on-premises and in the cloud.
● Works with internal and external auditors.
● Designs, configures, and maintains various degrees of security.
● Takes assessment of existing Cybersecurity Engineering platforms and tools.
● Creates roadmaps for consolidation and integration of Engineering platforms.
● Mentors and develops team members.
● Evaluates and hardens tooling and instrumentation to prevent cybersecurity exploits.
● Performs and/or coordinates regular security assessments of existing or new infrastructure.
● Performs duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
● Works with information systems custodians (i.e., department managers, user community, and systems administrators) at different levels in the organization to understand their respective security needs and assists with implementing practices and procedures consistent with Costco’s Information Security Policy.
● Assists with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provides management with security policy compliance assessments and system monitoring reports.
● Works with stakeholders to provide security solutions that support their business requirements.
● Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
● Conducts security risk assessments on new products and systems, periodic security risk assessments on existing systems, and identifies and/or recommends appropriate security countermeasures and best practices.
● Coordinates activities or engagements with loss prevention; interacts with legal and law enforcement as required.
● Identifies security gaps that expose Costco to potential exploit and develops short and long term prioritized remediations to address those gaps ensuring management is apprised of the risk in a timely manner.
Required:
● High degree of ethics/confidentiality.
● Experience with Email Security technologies, best practices, and workflows.
● Experience with Email Filtering, Encryption, Sandboxing, and DLP technologies such as, Proofpoint.
● Experience implementing strong Email Security Engineering using DMARC, DKIM, SPF, and DNSSEC records.
● Experience deploying Phishing Detection and Reporting solutions.
● Experience implementing and hardening mail relay systems such as Postfix.
● Experience managing external domain registrations.
● Strong prioritization and investigative skills.
● Demonstrated experience of “hands on” security knowledge of Windows and Linux.
● Ability to work effectively, independent of assistance or supervision.
● Innovative, creative, and extremely responsive, with a strong sense of urgency.
● Willingness to share knowledge and assist others in understanding technical and business topics.
● Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
● Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone.
● Experience with DNS, NTP, SMTP, and other commonly used foundational protocols.
● Working knowledge of protocols and technologies such as, TCP, UDP, SSL/TLS, FTP, NetBIOS, and DHCP.
● Experience implementing controls for various cybersecurity and regulatory frameworks such as, NIST, PCI, SOX, or HIPAA.
● Ability to interpret information security data and processes to identify potential compliance issues.
● Ability to quickly understand security systems in order to identify and validate security requirements.
● Scheduling flexibility to meet the needs of the business; may include evenings, weekends and holidays.
Recommended:
● A Bachelor’s degree in Computer Science or a minimum of 8 years’ of information systems security experience.
● One or more professional security certifications such as, CISA or CISSP (or equivalent).
● Experience with scripting/programming languages (PowerShell, shell scripting, python, etc.) a plus.
● Experience integrating disparate systems using APIs is a plus.
● Good working knowledge of Authentication protocols such as, Kerberos, SAML, OAUTH, etc.
Other Conditions
● Management will review the Job Analysis for this position prior to a job offer.
Required Documents
● Cover Letter
● Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Pay Range:
SR Level: $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
Staff Level: $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible
We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com
If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.