Engineer - Cybersecurity

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks seventh in Forbes “World’s Best Employers”.

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST.  Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Engineers have deep knowledge and hands-on experience in enterprise-wide platforms, and solve technical problems while working on technology initiatives. Engineers have strong architectural, leadership, and technical skills. They ensure delivery of high quality artifacts, and adhere to and follow Costco’s SDLC. Engineers interact in a highly effective manner with other team members and management, drive innovation, and influence delivery and performance.

The Cybersecurity Engineer supports the overarching values and business goals of Costco Wholesale as they relate to meeting legal and regulatory obligations; protecting member, employee, and vendor privacy; and ensuring a technologically secure operating environment.

Our Information Security Threat Engineers protect the integrity of Costco’s network through aggressive detection and monitoring of potentially malicious behavior. 

If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.

ROLE

●      Automates, documents, shares, educates, delegates, and improves processes.

●      Builds prototypes of potential features.

●      Creates conceptual and detailed technical design documents and standards.

●      Enhances automation of applications, systems, and platforms and identifies opportunities for streamlining, and continuous process improvement.

●      Collaborates with architects to plan, design, implement, and improve new capabilities, enhancements, solutions and/or platforms.

●      Applies knowledge to practical and sustainable applications and capabilities.

●      Partners with project managers, solution leads, and other stakeholders to establish the rough order of magnitude estimates, to create and maintain a robust framework to support applications, and to deliver quality solutions.

●      Contributes, interprets, and communicates enterprise, technical, project, and operational strategies to the team.

●      Develops team vision to drive new capabilities against a published roadmap, in conjunction with management.

●      Ensures that proposed and existing systems are aligned with organizational standards, goals, and objectives.

●      Formulates and directs activities that align short term goals and long term initiatives while providing accurate and timely estimates of work breakdown schedules.

●      Works with teams, management, and stakeholders to conceptualize, design, build, test, and release products

●      Shares relevant information among teams.

●      Influences and drives adoption of best practices and high quality standards throughout the division.

●      Integrates diverse solution components across multiple platforms using industry standard interfaces.

●      Tests and resolves problems, performs root cause analysis, identifies gaps, recommends solutions and preventative measures, and leads team members to solution delivery plans.

●      Runs proof of concepts and uses diagnostic/debugging skills to solve current challenges in multi-platform systems

●      Orchestrates reviews for system additions and/or enhancements.

●      Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.

●      Provides leadership/mentoring to team members, implements development efficiencies, creates appropriate documentation, drives operational efficiencies and technical growth within the team, and supports the release model.

●      Optimizes team efficiency and performance through high level technical direction. 

●      Provides technical leadership in implementation of applications, strategic planning sessions, documentation of requirements, tool implementation, database query languages, and programming languages.

●      Uses subject matter expertise to support industry standard source control and source change management techniques.

●      Presents technical designs and solutions to executives, management, and other audiences to gain consensus and/or project approval.

●      Participates in documenting SOPs, playbooks; identifies and reports potential gaps in the environment that poses an overall risk to the company; adheres to compliance and privacy standards.

●      Provides consultation and guidance to users aligning to best practices while supporting customer needs.

●      Builds strong relationships with business partners and sister teams across the Information Security organization, while promoting diversity and inclusion amongst the team.

●      Creates trusting relationships with team members and business partners, and acts as a SME for other engineers on collaborative teams to provide expert knowledge on an ongoing basis.

●      Models Costco’s culture and values while demonstrating the aptitude and capability to learn new tools and performing responsibilities with the highest standards of ethics and integrity.

REQUIRED

●      Experience with networking technologies, such as firewalls, routers, load balancers, and proxies.

●      Expert in writing detection logic for various tools.

●      Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).

●      Demonstrated experience of “hands on” security knowledge of one or more of the following platforms: Windows, Linux, UNIX, AIX, or iSeries.

●      Experience with Threat Modeling, security assessments, and evaluating mitigating controls.

●      Experience with network-based detective controls such IDS, IPS, SOAR, and various SIEMs.

●      Working knowledge of networking protocols.

●      Working knowledge of web technologies.

●      Ability to interpret information security data and processes to identify potential compliance issues.

●      Ability to quickly understand complicated data flows in order to identify and validate security requirements.

●      A team player; willingness to establish a strong positive working relationship with all areas of the business.

●      Ability to work effectively, independent of assistance or supervision.

●      Innovative, creative, and extremely responsive with a strong sense of urgency.

●      Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.

●      Willing to share knowledge and assist others in understanding technical and business topics.

Recommended

●      Bachelor’s degree in Computer Science or a minimum of 3 to 5 years’ Information Systems security or related data processing auditing experience.

●      Any of the following certificates: Certified Intrusion analyst (GCIAs), GIAC Certified Enterprise Defender (GCED), Certified Geographic Information Systems Professional (GISP), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Security certification.

●      Familiarity with SOA governance and policy management best practices.

●      Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI.

Required Documents

●      Cover Letter

●      Resume

California applicants, please click here to review the Costco Applicant Privacy Notice. 

Pay Range: $185,000 - $220,000, Bonus and Restricted Stock Unit (RSU) eligible 

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com

If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.

Salary : $185,000 - $220,000