Security Engineer - Cloud

$150,000 - $190,000/Yr

Costco - Issaquah, WA

posted about 2 months ago

Full-time - Mid Level
Issaquah, WA
General Merchandise Retailers

About the position

The Security Engineer - Cloud position at Costco IT focuses on enhancing the security posture of cloud-based systems and applications. The role involves developing, implementing, and integrating security systems to protect enterprise assets from cyber threats. The engineer will work within a dynamic team to drive innovation, optimize security tools, and ensure compliance with security standards while collaborating with various departments to build secure solutions that adapt to changing business needs.

Responsibilities

  • Provides security and technical expertise to support the development of security objects to satisfy business requirements.
  • Analyzes and administers security policies to control physical and virtual system access.
  • Identifies and investigates security issues and develops security solutions that address compliance requirements that can/do impact security.
  • Identifies, develops, and implements mechanisms to detect security incidents to enhance compliance and support security standards and procedures.
  • Assesses business role requirements, reviews authorization roles, and supports authorizations.
  • Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users.
  • Validates system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction.
  • Implements best practices when applying knowledge of information systems security standards/practices.
  • Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc.).
  • Identifies security gaps that expose Costco to potential exploit and develops short- and long-term prioritized remediation to address those gaps.
  • Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations.
  • Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.
  • Identifies and resolves problems often anticipating issues before they occur or before they grow; develops and evaluates options; and implements solutions that support the business.
  • Provides subject matter expertise in systems security policies, standards/practices, protocols, and technologies.
  • Configures, deploys, maintains, and supports security tools.
  • Protects confidentiality, integrity, and availability of information from being disclosed to unauthorized parties.
  • Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps.
  • Identifies opportunities for streamlining and increasing effectiveness through continuous process improvement.
  • Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.
  • Develops and documents security events and incident handling procedures into Playbooks.
  • Ensures that incident documentation is comprehensive, accurate, and complete.
  • Triages, prioritizes, investigates, and coordinates security events and incident handling activities.
  • Collaborates with business partners, project teams, and team members to build secure solutions that protect data and enable the business with tools and processes that adapt to changing business needs both on-premises and in the cloud.
  • Works with internal and external auditors.
  • Designs, configures, and maintains various degrees of security.
  • Works with stakeholders and Security Architects to identify security solutions that support their business requirements.
  • Partners with other Information Security groups to conduct security risk assessments on new solutions and systems.

Requirements

  • 2+ years' experience in Security Engineering.
  • Experience in offensive security roles, such as penetration testing or ethical hacking.
  • Experience with Security Engineering of sites hosted in Public Cloud (Google, Azure).
  • Experience working with WAFs and CDNs such as Akamai or Fastly.
  • Proficiency in scripting and programming languages (e.g. Python, JS, Java, SQL) for tool development and automation.
  • Strong understanding of operating systems, network protocols, and web application security.
  • Extensive experience with security tools and frameworks (e.g. Kasada, Microsoft DFP, Bloodhound, Cobalt Strike).
  • Vast experience in performing code review to identify vulnerabilities.
  • A passion for cybersecurity and a commitment to staying current with emerging threats and industry trends.

Nice-to-haves

  • Bachelor's/Master's degree or equivalent experience in Computer Science, Information Security, or a related field.
  • One or more professional network and security certifications such as Security+, Network+, CCNA, GSEC, CISA or CISSP (or equivalent work experience).
  • Experience performing computer forensics.
  • Familiarity with ITILv2/v3 processes such as Service Support, Service Delivery, or Continual Service Improvement.
  • Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI.
  • Familiarity in a DevOps or DevSecOps environment.

Benefits

  • Paid time off
  • Health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance
  • Health care reimbursement account
  • Dependent care assistance plan
  • Short-term disability and long-term disability insurance
  • AD&D insurance
  • Life insurance
  • 401(k)
  • Stock purchase plan to eligible employees

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service