The role of every Information Security team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical and regulatory obligations; protecting members' and employees' privacy; and maintaining a secure technology environment for our operations. The Incident Response Engineer provides consultative services, works with vendors on product evaluation and recommendation, performs monitoring and auditing of information system activities, advises on matters related to policies, standards and procedures, and mentors team members with less subject matter expertise. The Incident Response Engineer consistently maintains the situational awareness required to identify and verify security incidents; analyzes, documents and reports on security incidents through the Incident Attack Lifecycle; provides technical analysis to understand the compromise; and coordinates the response and advises on remediation and mitigation tactics. The Incident Response Engineer develops, leads and monitors the Incident Response Program.
Tasks and responsibilities
* Identifies, develops and implements mechanisms to detect security incidents and report on key metrics.
* Conducts security risk assessments on new products and systems and periodic security risk assessments on existing systems; identifies and/or recommends appropriate security objectives, countermeasures and best practices.
* Identifies security gaps that expose Costco to potential exploitation and develops short- and long-term prioritized remediations and roadmaps to address those gaps.
* Works with stakeholders to provide security solutions that support their business requirements.
* Performs the project manager role on security-related projects.
* Identifies and improves security incident detection and monitoring capabilities.
* Designs, builds and supports the Incident Response Security Suite to operational excellence standards (e.g., high availability, change control, patching, configuration management) and reports on key metrics.
* Participates in the assessment, analysis and design of solutions for the Threat Intelligence Program.
* Identifies gaps in, and recommends changes to, the Incident Response Plan.
* Monitors the Operations, Detection and Response Teams' work queues and metrics; requests and releases team members to different roles as needed.
* Provides management and the IR team with a contextual snapshot of the IR team's challenges for use by the team and management.
* Provides subject matter expertise and technical leadership for Incident Response.
* Provides mentoring and training on tools and processes to the Incident Response Team and partners.
* Coordinates activities or engagements with loss prevention and third-party security retainers, and interacts with legal and law enforcement as required.
* Performs incident triage, prioritization, investigation, response coordination and closure documentation.
* Works hands-on with SIEM and logging solutions.
* Obtains and analyzes forensic images of mobile devices and of Mac, Linux and Windows systems (VMs as well as physical).
* Ensures that incident documentation is comprehensive and accurate; completes all relevant fields in the incident tracking database and closes the ticket.
* Develops and documents security event and incident handling procedures as Playbooks.
* Creates Splunk dashboards to display the IR team's metrics.
* Creates dashboards that help identify possible malicious trends.
* Assists in other areas of the department and company as necessary.
Required skills, abilities, and certifications
* A Bachelor's degree in Computer Science or a minimum of 10 years of information security or intelligence program experience.
* High degree of ethics/confidentiality required. May be required to pass security screening.
* Correlation rule evaluation and development experience highly recommended but not required.
* Good understanding of FIM, IDS, EDR, vulnerability scanning, logging/monitoring, antivirus and other commonly implemented enterprise security technologies.
* Ability to work effectively, independent of assistance or supervision.
* Ability to work under pressure in a highly team-focused environment is required.
* Innovative, creative and extremely responsive, with a strong sense of urgency.
* Willing to share knowledge and assist others in understanding technical and business topics.
* Willingness to work outside of regular business hours as required, which can include evenings, weekends and holidays.
* Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
* Demonstrated security knowledge of Linux platforms such as Ubuntu.
* Demonstrated experience in Splunk searches, data mining and dashboard creation.
* Ability to clearly communicate Information Security matters to executives, auditors, end users and engineers, using appropriate language, examples and tone.
* Familiarity with tools such as Nmap, Netcat and Enum and other commonly used penetration testing/hacking tools preferred.
* Familiarity with DNS, NTP, SMTP and other commonly used foundational protocols.
* Working knowledge of protocols and technologies such as TCP, UDP, SSL/TLS, FTP, SMTP, NetBIOS and DHCP.
* Ability to interpret information security data and processes to identify potential compliance issues.
* Ability to quickly understand security systems in order to identify and validate security requirements.
Recommended skills, abilities, and certifications
* One or more professional security certifications such as CISA or CISSP (or equivalent).
* Experience with scripting languages such as Python.
* Experience with network IDS.
* Experience configuring TAPs/SPANs.
* Experience with Network Security Monitoring technologies.
* Experience with PCI DSS.
* Successful internal candidates will have spent one year or more on their current team.
Apply: Use the link below to upload all required documents to
Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to, H-1B visas. If hired, you will be required to provide proof of authorization to work in the United States. Apart from any religious or disability considerations, open availability is needed to meet the needs of the business.