Quality Engineer - Application Security - Costco Travel

About The Position

Requirements

• 4+ years’ experience in security in an enterprise environment.
• 2+ years’ experience with software development with Java or any other Object-Oriented Language.
• Knowledgeable in remediation activities at the code or script level, including fixing vulnerabilities or defects.
• Demonstrated experience with Java programming, development practices, and common bug patterns.
• Familiar with application vulnerability/security frameworks and standards such as OWASP Top 10, SANS Top 20, CVE,
• CWE, CVSS, etc.
• Experience with vulnerability management processes including scanning, reporting, and remediation planning.
• Understanding of software development lifecycle and integrating application security into a CI/CD pipeline.
• Experience with revision control systems and the agile process using ADO, Git, or similar agile code system functions (Pull, Fetch, Push, Sync).
• Strong verbal and written communication skills.
• Ability to clearly communicate Information Security matters to Executives, Auditors, End -Users, Analysts, Peers, and Engineers, using appropriate language, examples, and tone.
• Experience identifying and validating security requirements for software.
• Experience working with software development teams.
• Realistic outlook that understands security problems as a balance of both security and business needs.
• Demonstrated logical and structured approach to time management and task prioritization in support of team work goals.
• Strong analytical skills, documentation skills, and awareness of change management; ability to adapt to changing priorities.
• Strong collaborative mindset and able to function as a contributing member of the team.
• Ability to handle highly confidential information in a strictly professional manner.

Nice To Haves

• 2+ years’ experience in working with DevOps engineer in an enterprise environment.
• Experience with one or more scripting or development languages.
• Experience coding, implementing custom software solutions, and supporting them in production environments.
• General cloud knowledge.
• Familiarity with agile continuous improvement methodologies.
• Experience developing and reporting enterprise level metrics.
• Proficient in Microsoft Workspace applications, including Outlook, Word, Excel, PowerPoint, and Teams.

Responsibilities

• Serves as a subject matter expert for application security, vulnerability management, and vulnerability scanning.
• Supports and consults with product and development teams in the area of application security.
• Assesses applications for vulnerabilities in web UIs and APIs.
• Provides manual application secure code reviews.
• Works analytically to solve both tactical and strategic problems within the vulnerability management program.
• Identifies attack surface reduction opportunities through vulnerability data analysis from enterprise custom and COTS applications.
• Collaborates and communicates with Compliance, External auditors, and Business teams.
• Understands compliance requirements that may impact security, and effectively collaborates with business areas and project teams to develop security solutions that address requirements.
• Advocates for compliance and security measures, both internally and externally, to protect corporate applications and environments.
• Maintains current knowledge of industry trends and standards; proactively pursues professional growth in the areas of technology, business knowledge, and Costco policies and platforms.
• Regular and reliable workplace attendance at your assigned location.

Benefits

• paid time off
• health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance
• health care reimbursement account
• dependent care assistance plan
• short-term disability and long-term disability insurance
• AD&D insurance
• life insurance
• 401(k)
• stock purchase plan