Costco IT is responsible for the technical future of Costco Wholesale, the second-largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the top five of Forbes “America’s Best Employers”.
- Builds and maintains pentesting vendor partnerships to further Costco’s mission and goals.
- Researches and remains up to date with emerging threats and Threat Emulation methodologies. Maintains current knowledge of industry trends and standards in information security.
- Works with Compliance, Internal Audit, Business teams, and internal and external penetration testing vendors to scope, configure, and validate solutions to support penetration testing.
- Documents security findings from pentesting engagements and reports the risks of those findings to the business and management.
- Works with stakeholders to design security engagements to test or assess their systems and business requirements.
- Guides internal Information Systems Teams to set up and maintain testing hosts, infrastructure, and software for penetration testing engagements.
- Works with the Incident Response team as necessary to consult on discovered security incidents by informing appropriate custodians, determining root cause, and determining the actions (if necessary) required to re-establish the security of the respective information system.
- Works with Information System Owners and Administrators to understand their security needs and assists with implementing practices and procedures consistent with Costco’s security policies.
- Assumes a leadership role in advocating internally and externally for security measures to protect cloud-based applications and environments.
- Serves as liaison between international sites and the business with internal and external penetration testers.
- Works with business teams to identify remediation solutions to security findings.
- Implements and oversees vendor access to the Costco environment in support of pen test engagements. This includes network, application, and rights management.
- Thorough understanding of the OSI model, as well as IPv4/IPv6 protocol suite.
- Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
- Must be detail-oriented and possess strong problem-solving skills and ability to analyze for potential future issues.
- Demonstrate a high level of communication skills, verbal and written.
Qualification & Experience:
- Able to handle highly confidential information in a strictly professional manner.
- Experience with some of the tools listed below: Kali Linux, Metasploit, Burp Suite, Cobalt Strike, Tenable Nessus, WebInspect, IDA Pro, Wireshark.
- Experience working with hybrid cloud infrastructures.
- Experience with Windows, Linux and cloud environment testing.
- Demonstrate a logical and structured approach to time management and task prioritization.
- Understanding of security issues for desktop, virtual, cloud services and network infrastructures.
- 3+ years’ System Administration experience supporting Windows, Linux, virtual and cloud environments.
- Able to automate tasks and script at a basic level.
- Experience with one or more scripting languages.
- Experience in IT systems and security policies, standards, industry trends, and techniques.
- Experience with secure network protocols and encryption of communications between networked hosts.
- Experience with assessing APT threats, Penetration Testing, Vulnerability Management, attack methodologies, forensics analysis techniques, malware analysis, attack surface comprehension, Cyber Threat Emulation operations, Cyber Advanced Threat Emulation Team operations and research, identification, and/or verification of new APT TTPs.
- Fundamental security knowledge for testing mobile, native applications, web applications, distributed and database systems.
- One or more professional audit or security certifications such as CISA, GSEC, CEH, and/or CISSP (or equivalent experience).
- A relevant degree or equivalent, and/or proven operational experience.
Vacancy Type: Full Time
Job Location: Spokane, WA, US
Application Deadline: N/A