Costco Wholesale

Cybersecurity Operations Engineer - Application Security

About the Employer | www.costco.com

Job Description

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2018, Costco contributed over $39 million to organizations such as United Way and Children's Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale, the second largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the top five of Forbes “America’s Best Employers”.

The role of each Application Security Team member is to support the overarching values and business goals of Costco, including meeting legal, ethical, and regulatory obligations; protecting member privacy; and maintaining a secure technology environment for our operations.

The Cybersecurity Operations Engineer will work closely with stakeholders in Security, the Business, and other leaders within Costco, as well as partner with suppliers and utilize vulnerability management resources. The role requires a mix of business and technical acumen, and the ability to inspire and influence decisions around vulnerability management and methodology for the organization.

The Cybersecurity Operations Engineer is responsible for the successful delivery, design, and support of the vulnerability management program with specific focuses on application security, vulnerability scanning, vulnerability scan outputs, and the tools and methodologies utilized within the program. The Engineer identifies gaps and inefficiencies in the vulnerability management program and works with the team to implement solutions. In this role, the Engineer partners with suppliers for product consideration, proof of concepts, and solution recommendations. The Engineer ensures security best practices are enforced, mentors team members, and provides consultative services to teams and stakeholders to improve the vulnerability management of their environments.

The Cybersecurity Operations Engineer will possess the following knowledge and skills: in-depth working experience and knowledge of application security; software development lifecycle; vulnerability assessment methodologies; experience with tools such as Nessus or Qualys; solid skills in Windows, Linux, and networks in a Cisco environment; and have in-depth knowledge and work experience with security best practices.

If you want to be a part of one of the BEST “to work for” companies in the world, simply apply and let your career be reimagined.


  • Translates business and compliance needs into technical specifications to deliver vulnerability scanning and management solutions to the enterprise.
  • Serves as a subject matter expert for application security, vulnerability management, and vulnerability scanning.
  • Works analytically to solve both tactical and strategic problems within the vulnerability management program.
  • Researches, plans, develops, and oversees the implementations and configurations of vulnerability solutions using tools that include Tenable-Nessus, Qualys, RiskIQ, application scanners, and other vulnerability scanners on a wide variety of global corporate and business information systems, both on-prem and cloud-based.
  • Oversees and maintains technical documentation and architecture drawings related to the vulnerability management applications and environments.
  • Integrates vulnerability management tool data with enterprise systems that would automate configuration scripts and pull data via APIs.
  • Participates in and oversees the collection and aggregation of information from a wide variety of sources and formats for relevance to our environment.
  • Identifies attack surface reduction opportunities through vulnerability data analysis.
  • Leads the activities to mature the vulnerability management program.
  • Contributes as an active member of the Threat Exposure Management team, participates in team activities and planning in regards to improving team skills, awareness, communication, reputation, and quality of work.
  • Collaborates and communicates effectively with Compliance, Internal Audit, the Business teams, and others to identify, analyze, and communicate risk and provides support around vulnerability management within their business requirements.
  • Identifies, develops, and implements mechanisms to detect vulnerabilities and how they may lead to corporate incidents in order to enhance compliance with and support of security standards and procedures.
  • Coordinates with the Incident Response team to remediate security incidents as needed.
  • Understands compliance requirements that may impact security and effectively collaborates with business areas and project teams to develop security solutions that address these requirements.
  • Assumes a leadership role in advocating internally and externally for compliance to security measures to protect corporate applications and environments.
  • Works with information systems owners and administrators to understand their security needs and assists with implementing practices and procedures consistent with Costco’s security policies.
  • Builds and maintains supplier partnerships to further Costco’s mission and goals.
  • Maintains current knowledge of industry trends and standards.


  • 5+ years’ experience in security in an enterprise environment.
  • 2+ years’ experience assessing and implementing vulnerability management tools and vulnerability scan configurations.
  • Hands-on experience with vulnerability scanning tools or endpoint protection.
  • Understanding of software development lifecycle and integrating application security into a CI/CD pipeline.
  • Experience with vulnerability management processes including scanning, reporting, remediation planning.
  • Understanding of security frameworks such as PCI, HIPAA, GDPR, etc.
  • Experience with Windows, Linux, and networking environments.
  • Understanding of the OSI model, as well as IPv4/IPv6 protocol suite.
  • Experience with multi-factor authentication and authentication processes and protocols; authentication services, as well as PKI and token/certificate-based authentication, DNS, and AD structure.
  • Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, patch management, and incident handling).
  • Demonstrated high level of communication skills, both verbal and written.
  • Ability to clearly communicate Information Security matters to executives, auditors, end users, analysts, peers, and engineers, using appropriate language, examples, and tone.
  • Ability to quickly understand systems in order to identify and validate security requirements.
  • Possesses a realistic outlook that understands security problems as a balance of both security and business needs.
  • Demonstrated logical and structured approach to time management and task prioritization in support of team work goals.
  • Proactively pursues professional growth in the areas of technology, business knowledge, and Costco policies and platforms.
  • Strong analytical skills, documentation skills, and awareness of change management.
  • Ability to adapt to changing priorities.
  • Strong collaborative mindset, able to function as a contributing member of the team.
  • Ability to handle highly confidential information in a strictly professional manner.
  • Willingness to work outside of regular business hours, as required.


  • 2+ years’ in a security engineering role in an enterprise environment.
  • 2+ years’ in a software engineering or DevOps role in an enterprise environment.
  • Experience with patching or remediation.
  • Experience with one or more scripting languages.
  • One or more professional audit or security certifications such as CISA, GSEC or CISSP (or equivalent experience).
  • General knowledge of enterprise-level applications such as SAP, etc.
  • Strong networking knowledge.
  • General cloud knowledge.
  • Experience with tools such as NMAP, DNS, NTP and Citrix, NGFW and various SIEMs.
  • Working knowledge of secure protocols and technologies such as TCP, UDP, SSL, FTP, SMTP, NetBIOS, DHCP.
  • Familiarity with kanban or agile continuous improvement methodologies.
  • Experience in endpoint protection tools.
  • Experience developing and reporting enterprise level metrics.
  • Experience with Power BI.

Required Documents

  • Cover Letter
  • Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.

Employee Ratings Costco Wholesale

  • Based on full-time and part-time employees only, with 6602 reviewers

    They do business with integrity and rational thinking. Overall, it's an excellent place to work, with products that are winning in the marketplace.