Incident Response Security Engineer
Costco IT · Seattle, WA · 2 mo ago
Information TechnologyFull-time
About the role
The Costco IT department is responsible for securing the technology infrastructure of Costco Wholesale, a global retailer with operations in fourteen countries. As a Security Engineer, you will play a crucial role in protecting the company's assets from cyber threats.
Responsibilities
- Develop, design, implement, and integrate security systems to safeguard enterprise assets.
- Analyze and administer security policies to control physical and virtual system access.
- Identify and investigate security issues and develop solutions addressing compliance requirements.
- Assess business role requirements, review authorization roles, and support authorizations.
- Create and run commands and execute scripts; communicate with stakeholders during event troubleshooting and research.
- Build relationships and partnerships with key stakeholders to build secure solutions that protect data and enable the business.
- Collaborate with other Cyber Security team members, serve as a SME for security operations for multiple technologies, and collaborate with business partners.
- Provide subject matter expertise in systems security policies, standards/practices, protocols, and technologies.
- Implement best practices when applying knowledge of information systems security standards/practices.
- Monitor, analyze, and remediate cybersecurity events by adhering to defined security operating procedures (SOPs).
- Triages, prioritizes, investigates, and coordinates security events and incident handling activities.
- Design, configure, and maintain various degrees of security.
- Model compliance with company policies and procedures and support company mission, values, and standards of ethics and integrity.
Requirements
- 10+ years in Information Security, including 5+ years in SIEM and 5+ years in Incident Response/Threat Hunting.
- Certified in GREM, GCIA, GCIH, CISSP, GISP, GCWIN, GCFA.
- Expertise with SIEM and Log Analytics, SOAR, R policies and procedures.
- Demonstrated knowledge of application security controls, common vulnerabilities, and penetration testing methodologies.
- Strong understanding of network security architecture concepts including topology, protocols, components, and principles.
- Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.
Qualifications
- Bachelor's degree in Computer Science or Computer Security/Forensics.
- Experience with scripting in Python, PowerShell, or similar language.
- Knowledge of the MITRE ATT&CK Matrix.
- Ability to parse and manipulate data for normalization or easier representations.
Skills
- Security Engineering
- Incident Response
- Threat Hunting
- SIEM
- SOAR
- Network Security
- Application Security
- Penetration Testing
- Python/Powershell Scripting
- MITRE ATT&CK Matrix
- Data Normalization
Benefits
Comprehensive benefits package including paid time off, health benefits, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan, and more.
Pay
Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
Level Staff - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible
Schedule
Full-time position.