The role of the Information Security Architect is to support the overarching values and business and security goals of Costco, including meeting legal, ethical and regulatory obligations; protecting member privacy; and maintaining a secure technology environment for our operations.
The Information Security Architect provides consultative services; works with vendors and Infosec team members to evaluate product considerations and recommendations; provides oversight for monitoring, verification and auditing of information system activities; ensures that Infosec policies, standards and procedures support the ability to protect against, detect and respond to exploits; and mentors all team members with lesser subject matter expertise.
Additionally, the Architect will maintain primary responsibility for ensuring that all requisite Information Security requirements are adopted across the global enterprise. The Architect will create a comprehensive roadmap for both security technologies and for addressing identified security gaps in the enterprise by working with vendors, stakeholders and internal teams to ensure best practices for security are implemented in a holistic, sustainable manner.
Job Duties/Essential Functions
The Information Security Architect will be a member of the Information Security team with a focus on overarching technical leadership as it applies to Information Security, Identity and Access and Compliance at a global enterprise level.
* Establishes regular communication with SAs, Architects and members of BRM and EA teams to ensure continuity and consistency among teams.
* Participates in the Security Center of Excellence (CoE).
* Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring of all team members.
* Develops and drives the security infrastructure roadmap.
* Responsible for identifying and prioritizing security gaps in the enterprise where the ability to protect, detect and respond to potential incidents is diminished and for developing action plans to address those gaps.
* Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments, threat modeling; studying architecture/platform/service; identifying integration issues; preparing cost estimates and forecasting.
* Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls (including Web Application Firewalls), and the related security and network devices; validates design and uses of public key infrastructures (PKIs), including the use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
* Provides guidance/oversight for developing and maintaining security requirements and data-centric requirements for all public, private, and hybrid cloud based solutions.
* Develops and implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
* Maintains security by monitoring and ensuring compliance with standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
* Prepares security reports by collecting, analyzing, and summarizing data and trends. Ensures metrics are kept that can be analyzed and used for evaluating risk.
* Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
* Works with Compliance, Internal Audit, and Business teams to identify and analyze risks and provide suitable solutions.
* Works analytically to solve both tactical and strategic problems.
* Develops and communicates security best practices for global environments and applications.
* Works with stakeholders to provide security solutions that support their business requirements.
* Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
* Works with the Incident Response team to discover security incidents by informing appropriate custodians, determining root cause, and identifying the actions (post-mortems) required to re-establish respective information system security.
* Understands compliance requirements that may impact security and works with business areas and project teams to develop security solutions that address these requirements.
* Coordinates activities or engagements with Loss Prevention, Legal, and law enforcement as required.
* Builds and maintains vendor standards and partnerships to further Costco's mission and goals.
* Assists in other areas of the department as necessary.
* Assists in other departments of the company as necessary.
Ability to operate vehicles, equipment or machinery
Computer, phone, printer, copier, fax
Experience, skills, education & licenses/certifications
* Minimum of seven years in an engineering and architectural role.
* A Bachelor's degree in Computer Science or a minimum of 6 years of information systems security or related data processing auditing experience.
* Ability to work effectively, independent of assistance or supervision.
* Demonstrate a logical and structured approach to time management and task prioritization.
* Innovative, creative, and extremely responsive, with a strong sense of urgency.
* Willing to share knowledge and assist others in understanding technical and business topics.
* Willingness to work outside of regular business hours as required, which can include evenings, weekends, and holidays.
* Demonstrate a high level of verbal and written communication skills.
* Participate in and lead team activities and team planning with regard to improving team skills, awareness, and quality of work.
* Responsible for continued personal growth in the areas of technology, business knowledge, and Costco policies and platforms.
* Project/Program Management skills.
* Ability to handle highly confidential information in a strictly professional and ethical manner.
* Extensive knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
* Experience with firewalls, routers, load balancers, and DMZ silos.
* Demonstrated experience of "hands on" security knowledge of Windows, Mac, Linux, and AIX.
* Experience with scripting languages such as Python, Perl, PowerShell, etc.
* Experience with RESTful APIs a plus.
* Ability to clearly communicate Information Security matters to executives, auditors, end-users, and engineers, using appropriate language, examples, and tone.
* Experience with penetration testing / hacking tools.
* Experience with incident response, red/blue team exercises, and applying threat intelligence.
* Experience with DNS, NTP and authentication mechanisms such as Kerberos, SAML and OAuth and security technologies such as IDS, IPS, and various SIEMs.
* Working knowledge of protocols and technologies such as TCP, UDP, SSL, FTP, SMTP, NetBIOS and DHCP.
* One or more professional audit or security certifications such as CISA, GSEC, or CISSP (or equivalent experience).
* Ability to quickly identify and validate security requirements.
* Successful internal candidates will have spent one year or more on their current team.
* Management will review the Job Analysis for this position prior to a job offer.
To Apply: Use the link below to upload all required documents to
Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.
Costco Wholesale Corporation operates membership warehouses.