The role of every Information Security team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical and regulatory obligations; protecting member privacy; and maintaining a security technology environment for our operations. The Information Security Engineer provides consultative services, works with vendors for product consideration and recommendation, performs monitoring and auditing of information system activities, creates and maintains documentation related to policies, standards and procedures, and mentors team members with lesser subject matter expertise.
Job Duties/Essential Functions
* Works with stakeholders to provide security solutions that support their business requirements.
* Works to create a roadmap for consolidation and integration of enterprise and/or security platforms.
* Performs the project manager role on security-related projects.
* Identifies existing security gaps and designs remediation efforts to address those gaps.
* Assesses and/or designs centralized user and configuration management systems.
* Performs and/or coordinates regular security assessments of existing or new infrastructure.
* Performs duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
* Works with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assists with implementing practices and procedures consistent with Costco's Information Security Policy.
* Assists with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provides management with security policy compliance assessments and system monitoring reports.
* Develops and maintains centralized information systems security standards, procedures, and guidelines.
* Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
* Conducts security risk assessments on new products and systems and periodic security risk assessments on existing systems, and identifies and/or recommends appropriate security countermeasures and best practices.
* Responds to discovered security incidents by informing appropriate custodians, determining root cause, and identifying and executing remedial actions (if necessary) required to re-establish respective information system security.
* Coordinates activities or engagements with loss prevention, and interacts with legal and law enforcement as required.
* Regular and reliable workplace attendance at your assigned location.
* Assists in other areas of the department as necessary.
* Assists in other areas of the company as necessary.
Ability to operate vehicles, equipment or machinery
Computer, phone, printer, copier, fax
Experience, skills, education & licenses/certifications
* A Bachelor's degree in Computer Science or a minimum of 6 years of information systems security experience in a leadership role preferred.
* One or more professional security certifications such as CISA, CEH, GIAC or CISSP (or equivalent experience).
* Ability to work effectively, independent of assistance or supervision.
* Innovative, creative, and extremely responsive, with a strong sense of urgency.
* Willing to share knowledge and assist others in understanding technical and business topics.
* Willingness to work outside of regular business hours as required, which can include evenings, weekends and holidays.
* Experience with firewalls, routers, load balancers and DMZ silos, and packet capture technologies helpful.
* Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
* Demonstrated "hands-on" security knowledge of the following platforms: Windows in a large Active Directory environment, Linux, AIX, Ubuntu and other UNIX variants.
* Web technologies such as WebSphere, IIS, Apache, IHS.
* Scripting knowledge including Perl, Python, PowerShell, etc.
* Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone.
* Experience with tools such as Nmap, Netcat and Enum.
* Experience with IDS (Sourcefire, Snort) and SIEM technologies such as ArcSight, Splunk ES.
* Working knowledge of protocols and technologies such as TCP, UDP, SSL/TLS.
* At least one technical certification related to a major Costco platform (Microsoft, Linux or Cisco).
* Ability to interpret information security data and processes to identify potential compliance issues (SOX, HIPAA, PCI).
* Ability to quickly understand security systems in order to identify and validate security requirements using logical, risk-based prioritization methods.
* Experience with performing computer forensics and analysis.
* Successful internal candidates will have spent one year or more on their current team.
* Management will review the Job Analysis for this position prior to a job offer.
To Apply: Use the link below to upload all required documents to
Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.
Costco Wholesale Corporation operates membership warehouses.