Job Summary:
Costco Wholesale is the third largest retailer in the world, known for its employee-centric culture and commitment to community service. The Quality Engineer - Application Security will be responsible for ensuring the security of applications and services, working closely with various stakeholders to identify vulnerabilities and implement solutions.
Responsibilities:
• Serves as a subject matter expert for application security, vulnerability management, and vulnerability scanning.
• Supports and consults with product and development teams in the area of application security.
• Assesses applications for vulnerabilities in web UIs and APIs.
• Provides manual application secure code reviews.
• Works analytically to solve both tactical and strategic problems within the vulnerability management program.
• Identifies attack surface reduction opportunities through vulnerability data analysis from enterprise custom and COTS applications.
• Collaborates and communicates with Compliance, external auditors, and Business teams.
• Understands compliance requirements that may impact security, and effectively collaborates with business areas and project teams to develop security solutions that address requirements.
• Advocates for compliance and security measures, both internally and externally, to protect corporate applications and environments.
• Maintains current knowledge of industry trends and standards; proactively pursues professional growth in the areas of technology, business knowledge, and Costco policies and platforms.
• Regular and reliable workplace attendance at your assigned location.
Qualifications:
Required:
• 4+ years’ experience in security in an enterprise environment.
• 2+ years’ experience with software development with Java or any other Object-Oriented Language.
• Knowledgeable in remediation activities at the code or script level, including fixing vulnerabilities or defects.
• Demonstrated experience with Java programming, development practices, and common bug patterns.
• Familiar with application vulnerability/security frameworks and standards such as OWASP Top 10, SANS Top 20, CVE, CWE, CVSS, etc.
• Experience with vulnerability management processes including scanning, reporting, and remediation planning.
• Understanding of software development lifecycle and integrating application security into a CI/CD pipeline.
• Experience with revision control systems and the agile process using ADO, Git, or similar agile code system functions (Pull, Fetch, Push, Sync).
• Strong verbal and written communication skills.
• Ability to clearly communicate Information Security matters to Executives, Auditors, End-Users, Analysts, Peers, and Engineers, using appropriate language, examples, and tone.
• Experience identifying and validating security requirements for software.
• Experience working with software development teams.
• Realistic outlook that understands security problems as a balance of both security and business needs.
• Demonstrated logical and structured approach to time management and task prioritization in support of team work goals.
• Strong analytical skills, documentation skills, and awareness of change management; ability to adapt to changing priorities.
• Strong collaborative mindset and able to function as a contributing member of the team.
• Ability to handle highly confidential information in a strictly professional manner.
Preferred:
• 2+ years’ experience in working with DevOps engineers in an enterprise environment.
• Experience with one or more scripting or development languages.
• Experience coding, implementing custom software solutions, and supporting them in production environments.
• General cloud knowledge.
• Familiarity with agile continuous improvement methodologies.
• Experience developing and reporting enterprise level metrics.
• Proficient in Microsoft Workspace applications, including Outlook, Word, Excel, PowerPoint, and Teams.
Company:
Costco Wholesale is a membership warehouse club that provides a wide selection of merchandise and exclusive member services. Founded in 1983, the company is headquartered in Issaquah, USA, with a team of 10001+ employees. The company is currently Late Stage.