Quality Engineer - Application Security - Costco Travel
Costco IT · Seattle, WA · 5 mo ago
Quality Assurance$105k–$135k/yrFull-time
About the role
Costa Travel IT is responsible for the technical future of Costco Wholesale, a global retailer with a strong focus on employee-centric culture and community involvement.
Responsibilities
- Serves as a subject matter expert for application security, vulnerability management, and vulnerability scanning.
- Supports and consults with product and development teams in the area of application security.
- Affirms security requirements for software and validates security requirements.
- Identifies attack surface reduction opportunities through vulnerability data analysis from enterprise custom and COTS applications.
- Collaborates and communicates with Compliance, External auditors, and Business teams.
- Understands compliance requirements that may impact security, and effectively collaborates with business areas and project teams to develop security solutions that address requirements.
- Maintains current knowledge of industry trends and standards; proactively pursues professional growth in the areas of technology, business knowledge, and Costco policies and platforms.
- Regular and reliable workplace attendance at your assigned location.
Requirements
- 4+ years’ experience in security in an enterprise environment.
- 2+ years’ experience with software development with Java or any other Object-Oriented Language.
- Knowledgeable in remediation activities at the code or script level, including fixing vulnerabilities or defects.
- Demonstrated experience with Java programming, development practices, and common bug patterns.
- Familiar with application vulnerability/security frameworks and standards such as OWASP Top 10, SANS Top 20, CVE, CWE, CVSS, etc.
- Experience with vulnerability management processes including scanning, reporting, and remediation planning.
- Understanding of software development lifecycle and integrating application security into a CI/CD pipeline.
- Experience with revision control systems and the agile process using ADO, Git, or similar agile code system functions (Pull, Fetch, Push, Sync).
Qualifications
- Strong verbal and written communication skills.
- Ability to clearly communicate Information Security matters to Executives, Auditors, End-Users, Analysts, Peers, and Engineers, using appropriate language, examples, and tone.
- Experience identifying and validating security requirements for software.
- Experience working with software development teams.
- Realistic outlook that understands security problems as a balance of both security and business needs.
- Demonstrated logical and structured approach to time management and task prioritization in support of team work goals.
- Strong analytical skills, documentation skills, and awareness of change management; ability to adapt to changing priorities.
- Strong collaborative mindset and able to function as a contributing member of the team.
- Ability to handle highly confidential information in a strictly professional manner.
Skills
- Experience with one or more scripting or development languages.
- General cloud knowledge.
- Experience developing and reporting enterprise level metrics.
Benefits
- Paid time off.
- Health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance.
- Health care reimbursement account.
- Dependent care assistance plan.
- Short-term disability and long-term disability insurance.
- AD&D insurance.
- Life insurance.
- 401(k).
- Stock purchase plan to eligible employees.
Pay
- Level 2: $105,000 - $135,000
- Level 3: $130,000 - $160,000
Schedule
- Regular and reliable workplace attendance at your assigned location.
Application Instructions
Please submit your resume and cover letter via the online application process. For questions, contact IT-Recruiting@costco.com.