Full Time

Security Engineer – Costco Jobs

Posted 1 year ago
Texas
$40 - $50 per hour

Job Description

Job Type: Security Engineer from home
Location: Texas work from home
Company: Costco

Position Description:

This Engineer role will be a critical member of the Security Engineering – Network Security team, which will design, develop, and deploy network security tools, services, programs, and initiatives. In addition, they will collaborate with management and vendors on product consideration; perform auditing of information system activities; provide consultative services as a Subject Matter Expert; drive innovation in technology, process, and procedure; and maintain operational excellence for their tools, services, and programs; create and maintain documentation related to policies, standards, and procedures; and lead and mentor team members with less subject matter expertise. This will entail collaborating with numerous groups across IT, both domestically and abroad.

ROLE

  • Does an assessment of existing Security Engineering platforms and technologies.
  • Provides a path for addressing capacity gaps, improving maturity, and innovating.
  • Team members are mentored and developed.
  • Tooling and instrumentation are evaluated and hardened to prevent cybersecurity exploits.
  • Regular security assessments of current or new infrastructure are performed and/or coordinated.
  • Performs duties essential to assist in the establishment of procedures and system configurations to ensure the safety of information system assets and to secure information systems from unauthorized or unintentional access or destruction.
  • Work with information system custodians (i.e., department managers, user community, and systems administrators) at various levels of the organization to understand their respective security needs and to assist in the implementation of practices and procedures consistent with Costco’s Information Security Policy.
  • Helps in the monitoring and auditing of information system activities and systems in order to validate information security policy compliance and to deliver security policy compliance assessments and system monitoring reports to management.
  • Collaborates with stakeholders to develop security solutions that meet their business needs.
  • Identifies, develops, and executes systems for detecting security events in order to improve compliance with and support for existing security standards and procedures.
  • Performs security risk assessments on new goods and systems, as well as periodic security risk assessments on existing systems, in order to discover and/or recommend relevant security countermeasures and best practices.
  • Coordinates loss prevention initiatives and interactions with legal and law enforcement as needed.
  • Identifies security gaps that expose Costco to potential exploit and produces short and long term priority remediations to fix those gaps, ensuring management is kept up to date on the risk.

REQUIRED

  • Subject Matter Expertise in network technologies, segmentation, and/or security zones is required.
  • Automation and orchestration experience with large-scale network infrastructure management.
  • Proficiency with scripting/programming languages (PowerShell, shell scripting, Python, etc.) would be advantageous.
  • Expertise linking heterogeneous systems through the use of APIs.
  • Excellent working understanding of authentication technologies such as Kerberos, SAML, OAUTH, and others.
  • Extensive knowledge of networking technology such as firewalls, routers, load balancers, and proxies.
  • Expertise with network segmentation and/or security zones for data protection based on data classification.
  • Eager to share expertise and aid coworkers in understanding technical and business problems.
  • Working understanding of information system security standards and practices is required (e.g., access control, system hardening, system auditing, log file monitoring, security policies, and incident handling).
  • Proven “hands on” security expertise of one or more of the following platforms: firewalls, UTM, forward/reverse proxies, DDoS mitigation, log aggregation, WAF, and so on.
  • Proven “hands on” security knowledge on at least one of the following platforms: Windows, Linux, AIX, or iSeries.
  • Expertise with network-based passive and active controls such as IDS and IPS, both wired and wireless.
  • Good knowledge of networking protocols, web technologies, and cloud computing is required.
  • Ability to understand data and processes related to information security in order to identify potential compliance concerns.
  • Ability to swiftly comprehend complex data flows in order to identify and validate security requirements.
  • Must be a team player that is eager to build strong positive working relationships with all sections of the organization.
  • Ability to function efficiently without assistance or supervision.
  • Innovative, imaginative, and quick to respond with a strong feeling of urgency.
  • Ability to convey information security issues clearly to executives, auditors, end users, and engineers using proper language, examples, and tone.
  • Flexible scheduling to accommodate the demands of the business, including evenings, weekends, and holidays.