Security Engineer - Vulnerability Management
Costco - Issaquah, WA
Job Description
Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks eighth in Forbes "World's Best Employers". This is an environment unlike anything in the high-tech world and the secret of Costco's success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Security Engineers develop, design, implement, and integrate security systems used to safeguard enterprise assets against cyber-attack. Security Engineers drive innovation, influence delivery, and maximize performance. They deliver high-quality artifacts, develop and run security tests and continuously tune security tools for optimization. Security Engineers identify gaps and inefficiencies and work with the business to implement solutions based on their requirements.

The Security Engineer in Vulnerability Management is responsible for the successful delivery, design, and support of the vulnerability management program with specific focus on asset identification, vulnerability scanning, scan outputs, reporting, response, assessing and prioritizing vulnerabilities for remediation, partnering with other teams who are responsible for mitigation strategies and vulnerability fixes, and the tools and methodologies utilized within the program. The Engineer identifies gaps and inefficiencies in the vulnerability remediation program, works with the team to implement solutions, and partners with internal Costco global teams and vendors for solution recommendations. The Engineer partners with vendors for product consideration, proofs of concept, and solution recommendations. The Engineer ensures security best practices are reviewed and enforced within the vulnerability management life-cycle, mentors team members, and provides consultative services to teams and stakeholders to improve vulnerability management and remediation of their environments.

If you want to be a part of one of the worldwide BEST companies "to work for", simply apply and let your career be reimagined.

ROLE
• Analyzes and administers security policies to control physical and virtual system access.
• Identifies and investigates security issues and develops security solutions that address compliance requirements that can/do impact security.
• Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance and support of the security standards and procedures.
• Assesses business role requirements, reviews authorization roles, and supports authorizations.
• Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users.
• Validates system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction.
• Implements best practice when applying knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
• Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc.).
• Identifies security gaps that expose Costco to potential exploit and develops short- and long-term prioritized remediation to address those gaps.
• Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.
• Identifies and resolves problems often anticipating issues before they occur or before they grow; develops and evaluates options; and implements solutions that support the business.
• Creates dashboards, configures alerts, implements, and supports security software platforms, and monitors tools/apps.
• Identifies opportunities for streamlining, and increasing effectiveness through continuous process improvement.
• Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.
• Develops and documents security events and incident handling procedures into Playbooks.
• Triages, prioritizes, investigates, and coordinates security events and incident handling activities.
• Collaborates with business partners, project teams, and team members to build secure solutions that protect data and enable the business with tools and processes that make sense and adapt to changing business needs both on-premises and in the cloud.
• Automates, documents, shares, educates, delegates, and improves processes.
• Collaborates with architects to plan, design, implement, and improve new capabilities, enhancements, solutions, and/or platforms.
• Influences and drives adoption of best practices and high-quality standards throughout the division.
• Integrates diverse solution components across multiple platforms using industry standard interfaces.
• Presents technical designs and solutions to executives, management, and other audiences to gain consensus and/or project approval.
• Translates business and compliance needs into technical specifications to deliver vulnerability remediation to the enterprise.
• Serves as a subject matter expert for vulnerability assessment, response, management, scanning, and identification.
• Utilizes a risk-based approach to assessing and prioritizing vulnerabilities.
• Works analytically to solve both tactical and strategic problems within the vulnerability management and remediation programs.
• Researches, plans, develops, and oversees the implementations and configurations of vulnerability solutions using industry standard tools, such as Rapid7, Tenable, Tripwire, Qualys, PrismaCloud, Wiz.IO, and other vulnerability scanners on a wide variety of global corporate and business information systems, both on-prem and cloud-based.
• Oversees and maintains technical documentation and architecture drawings related to vulnerability remediation.
• Facilitates the integration of vulnerability management tool data with enterprise systems to automate functions and workflows.
• Participates in and oversees the collection and aggregation of information from a wide variety of sources and formats for relevance to our environment.
• Identifies attack surface reduction opportunities through vulnerability data analysis from enterprise custom and COTS applications.
• Leads the activities to mature vulnerability remediation at Costco and the overall vulnerability management program.
• Contributes as an active member of the InfoSec and Compliance team; participates in team activities and planning with regard to improving team skills, awareness, communication, reputation, and quality of work.
• Collaborates and communicates with Compliance, Internal Audit, Business teams, and others to identify, analyze, and communicate risk, and provides support around vulnerability management within their business requirements.
• Identifies, develops, and implements mechanisms to address vulnerabilities and how they may lead to corporate incidents in order to enhance compliance with and support of security standards and procedures.
• Coordinates with the Incident Response team to remediate security incidents as needed.
• Participates in on-call rotation, including evenings, weekends and/or holidays, as necessary.
• Understands compliance requirements that may impact security and effectively collaborates with business areas and project teams to develop security solutions that address these requirements, including supporting QSA activities.
• Assumes a leadership role in advocating internally and externally for compliance to security measures to protect corporate applications and environments.
• Works with information systems owners and administrators to understand their security needs and assists with implementing practices and procedures consistent with Costco's security policies.
• Builds and maintains partnerships with internal Costco teams and vendors to further Costco's mission and goals.
• Maintains current knowledge of industry trends and standards; proactively pursues professional growth in the areas of technology, business knowledge, and Costco policies and platforms.

REQUIRED
• 5 years' experience in security in an enterprise environment.
• 3 years' experience assessing and implementing vulnerability management tools, vulnerability scan configurations, vulnerability reporting, and vulnerability remediation.
• 3 years' hands-on experience with vulnerability scanning tools.
• 3 years' in a security engineering role in a vulnerability management enterprise environment.
• Experience researching resolutions to vulnerabilities and hands-on experience with mitigation.
• Understanding of security frameworks such as PCI, HIPAA, GDPR, etc.
• Experience with Windows, Linux, and networking environments.
• Experience with automation and API scripting.
• Understanding of the OSI model, as well as IPv4/IPv6 protocol suite.
• Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, patch management, and incident handling).
• Demonstrated high level of communication skills, both verbal and written.
• Ability to clearly communicate Information Security matters to executives, auditors, end users, analysts, peers, and engineers, using appropriate language, examples, and tone.
• Ability to quickly understand systems in order to identify and validate security requirements.
• Realistic outlook that understands security problems as a balance of both security and business needs.
• Demonstrated logical and structured approach to time management and task prioritization in support of team work goals.
• Strong analytical skills, documentation skills.
• Experience with change management.
• Ability to adapt to changing priorities.
• Strong collaborative mindset, able to function as a contributing member of the team.
• Ability to handle highly confidential information in a strictly professional manner.

Recommended
• One or more professional audit or security certifications such as CISA, GSEC or CISSP (or equivalent experience).
• 3 years' assessing vulnerabilities and driving vulnerability remediation in an enterprise environment.
• Experience with patching, remediation and developing compensating controls.
• Experience with one or more scripting languages such as Python.
• Familiarity with orchestration and automation tools especially as they apply to cloud deployments.
• Working knowledge of network protocols and technologies such as TCP, UDP, SSL, SMTP, NetBIOS, and DHCP.
• Familiarity with Kanban or agile continuous improvement methodologies.
• Experience with endpoint protection tools.
• Experience developing and reporting enterprise level metrics and dashboards using tools such as Power BI.

Required Documents
• Cover Letter
• Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Ranges:
• Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
• Level Staff - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to

If hired, you will be required to provide proof of authorization to work in the United States.

Created: 2024-11-05