Costco

Director - Threat Exposure Management

Costco$160K — $230K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years leading penetration testing teams and vulnerability management in global security environments.
  • Proven experience in defining and enforcing remediation timelines based on risk levels with software teams.
  • Prior success in facilitating collaboration between offensive and defensive security teams to enhance detection strategies.
  • Skilled in negotiating security needs with senior engineering management to balance security and development timelines.
  • In-depth knowledge of OWASP Top 10 and CWE Top 25 vulnerabilities and mitigations.
  • Experience with CI/CD integration to ensure security without disrupting build processes.
  • Familiarity with modern tech stacks including microservices, Kubernetes, and major cloud platforms.

Responsibilities

  • Lead and manage a team focusing on Penetration Testing Program and remediation tracking.
  • Establish and oversee Red Team Operations for adversary emulation and security improvements.
  • Own the full Vulnerability Management lifecycle ensuring continuous scanning and effective remediation.
  • Manage Attack Surface Management by mapping the digital footprint and segmenting risks.
  • Ensure Application Security is embedded in the software development lifecycle through various scanning technologies.
  • Drive data-driven risk prioritization using platforms like Risk-Based Vulnerability Management.
  • Communicate and report security findings and action progress to technology stakeholders and senior leadership.

Benefits

  • Comprehensive health benefits including medical, dental, vision, and more.
  • 401(k) plan and stock purchase options for eligible employees.
  • Paid time off to promote work-life balance.
  • Short-term and long-term disability insurance for financial protection.
  • Life insurance and AD&D insurance plans offered.
Full Job Description
As a member of the IT Management Team, you are responsible for managing, developing, and leading a team of employees. Your role includes leading the specific functional responsibilities of your team, which involves overseeing team performance and deliverables. However, your role as a leader within our organization requires more than the management of resources and day-to-day operations. As a steward of the company, you are charged with the development and execution of your team's strategic vision and plan and ensuring that your team's actions align with the larger goals of the company and the IT Division.

The Director of Threat Exposure Management holds a crucial leadership role, driving a proactive program to identify, assess, and manage security risks and vulnerabilities across the technology landscape. This role is built upon four core functions: overseeing the Penetration Testing Program, including managing internal/external teams and tracking remediation; establishing and running Red Team Operations, which involves advanced adversary emulation and Purple Teaming for defense improvement; owning the full Vulnerability Management lifecycle, from continuous scanning and automation to enforcing remediation SLAs; and managing the Attack Surface Management by continuously mapping the digital footprint, classifying assets, and reducing risk through segmentation. This role is also responsible for the Application Security function, ensuring security is 'shifted left' through secure development lifecycle integration, application scanning (SAST/DAST/IAST), and managing application-specific risks.

Additionally, the Director is responsible for critical cross-functional duties, focusing heavily on data-driven risk prioritization. This includes implementing platforms, such as Risk-Based Vulnerability Management (RBVM) to normalize security findings and developing advanced risk scoring models (combining CVSS, exploitability, context, and threat intelligence) to efficiently prioritize and triage issues. Discover, correlate, prioritize, and triage all findings, vulnerabilities, and misconfiguration; report to the technology owners and track actions and mitigation. The Director must clearly communicate findings to technology owners, rigorously track mitigation progress, ensure accountability, escalate risks, and provide executive-level reports detailing overall exposure reduction. The incumbent must build strong cross-functional relationships and systematically drive the implementation, execution, metrication, and long-term sustainability of program objectives to continuously enhance the security operations' capacity to protect against and proactively respond to vulnerabilities and threats worldwide.

As the primary conduit between your employees and upper leadership, your role in communicating and modeling the values and guiding principles of our company culture is of vital importance. All members of IT Management should strive to consciously and consistently foster a culture of engagement, trust, and "open door" communication.

ROLE
  • INTEGRITY: When achieving benchmarks and goals, use methods/strategies that are consistent with the Code of Ethics and the Standard of Ethics for Managers and Supervisors. Always leads by example. Appropriately handles employee concerns and follows through to resolution.
  • MEMBER SERVICE: Provides and ensures staff provides an exceptional member experience.
  • ADMINISTRATION: Ensures proper department coverage (writing schedule and break aids if needed). Understands department budget, able to research and explain budget variances.
  • MANAGING PERFORMANCE: Coaches and mentors employees to provide support and guidance. Has regular open and honest conversations with employees to discuss work performance and career development. Identifies learning opportunities to strengthen employee knowledge, skill and ability.
  • COMMUNICATION: Regularly shares information with employees via meetings and one-on-one conversations. Successfully navigates difficult conversations with employees, members, and suppliers. Listens, expresses empathy and adapts to get points across. Addresses issues immediately to ensure a timely resolution and to avoid escalating the situation. Consistently demonstrates business knowledge during interactions with senior management. Create clear and concise communications/recommendations for senior leadership review related to strategic business plans and initiatives
  • SELF-MANAGEMENT: Demonstrates sound judgment, taking a partner when necessary.
  • INCLUSION: Encourages different approaches and ideas to work and to accomplish goals. Seeks employee input. Take the time to get to know or reach out to candidates who show potential that may not come forward on their own.
  • COMPLIANCE AND SAFETY: Takes measures to ensure employee and member information is kept confidential and adheres to IS security policy.
  • Works directly with the Senior Executive team to design, develop, and assist in the implementation of InfoSec strategies, ensuring alignment to corporate vision/goals.
  • This is a full-time management/leadership position (45+ hours per week).

REQUIRED
  • 5+ years' of experience in leading penetration testing teams, red teams, and vulnerability management organizations in a global security organization.
  • A history of defining and enforcing remediation timelines based on risk levels, including managing the friction that arises with DevOps and Engineering teams.
  • Experience facilitating collaboration between offensive (Red) and defensive (Blue) teams to ensure that findings actually result in better detection logic.
  • Experience negotiating with CTOs and VPs of Engineering to balance security patches with product feature velocity.
  • Deep understanding of the OWASP Top 10 and CWE Top 25.
  • Experience working within CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) and understanding how to inject security without breaking the build.
  • Knowledge of modern stacks-microservices, Kubernetes, serverless, and cloud-native security (AWS, Azure, GCP).
  • Experience with frameworks, such as STRIDE, PASTA, or LINDDUN.
  • Ability to translate a theoretical threat into a business risk.
  • Experience taking Red Team findings and translating them into "Engineering Requirements." For example, if a Red Team exercise repeatedly bypasses authentication, the Director doesn't just ask for a patch; they work with Engineering to implement a standardized identity service across the org.
  • Ability to move away from being a "bottleneck" that blocks releases, and move toward providing "paved roads" (pre-approved, secure configurations) for developers.
  • Experience integrating vulnerability and misconfiguration checks directly into CI/CD pipelines (e.g., using Terraform, CloudFormation, or Kubernetes security tools).
  • HIPAA Training and Supervisors Orientation (within 30 days of hire); Leadership Development 101 (within one year); Costco Pay Policies (within 90 days of promotion).
Recommended
  • Master's Degree in a relevant technology field or equivalent experience.
  • Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
  • Demonstrate a logical and structured approach to time management and task prioritization.
  • Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.

Required Documents
• Cover Letter
• Resume

Pay Range: $160,000 - $230,000, Bonus and Restricted Stock Unit (RSU) eligible

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

About Costco

Costco is a membership warehouse club, dedicated to bringing their members the best possible prices on quality brand-name merchandise. With hundreds of locations worldwide, Costco provides a wide selection of merchandise, plus the convenience of specialty departments and exclusive member services, all designed to make your shopping experience a pleasurable one. The company's first location, opened in 1976 under the Price Club name, was in a converted airplane hangar on Morena Boulevard in San Diego. Originally serving only small businesses, the company found it could achieve far greater buying clout by also serving a selected audience of non-business members. With that change, the growth of the warehouse club industry was off and running. In 1983, the first Costco warehouse location was opened in Seattle. Costco became the first company ever to grow from zero to $3 billion in sales in less than six years. When Costco and Price Club merged in 1993, the combined company, operating under the name PriceCostco, had 206 locations generating $16 billion in annual sales.

Costco Careers

Joining the Costco team presents a unique opportunity to be part of one of the largest wholesale membership warehouses in the world. At Costco, we are committed to providing our employees with a path to career growth and a dynamic workplace culture that values innovation, leadership, and diversity.

Work You'll Do

Embark on a professional journey with Costco and play a pivotal role in our mission to continually enhance the Costco shopping experience. You'll find yourself working in a high-energy environment where your skills will be honed and your abilities pushed to new heights.

Explore Job Opportunities

Costco offers a variety of job opportunities that cater to a range of skills and interests, from in-warehouse positions to corporate roles. Each position at Costco is designed to help you build a solid professional foundation, with ample room for growth and advancement.

Internship Programs

Kickstart your career with a Costco internship. Our internships provide invaluable workplace experience and a chance to see what it truly means to be part of a team that prioritizes quality and community. Interns at Costco gain hands-on experience that is not only rewarding but also integral to their professional development.

Professional Growth and Development

Costco is deeply invested in the professional growth of our employees. We offer robust training programs, leadership workshops, and opportunities for advancement. Our commitment to career growth ensures that our team members are always equipped to take on new challenges.

Benefits and Culture

The benefits at Costco go beyond the basics. We offer a competitive benefits package that includes health, vision, dental, and life insurance, as well as a 401(k) plan with a generous company match. More importantly, our company culture is built on a foundation of respect, integrity, and dedication to diversity and innovation.

Join Our Team

If you're looking for a career that offers job security, excellent benefits, and an opportunity to grow both personally and professionally, consider joining the Costco team. Explore our open positions, tailor your resume, and prepare for an interview where you can showcase your unique skills and passion for excellence.

Stay Connected

Keep up to date with all things related to Costco careers by joining our network. Follow us on our careers page, connect with us on professional networking sites, and stay informed about upcoming hiring events and career opportunities.

Apply Now

Ready to take the next step in your career? Search for open positions that match your skills and interests on our jobs page. At Costco, we are always looking for passionate, curious, and solution-driven team players who are ready to make a difference.

Costco Jobs – Where Careers Soar

At Costco, we don’t just offer jobs; we offer career paths. The vast opportunities for growth, coupled with our exceptional culture and benefits, make Costco not just a place to work, but a place to build a lasting career.
Learn more about Costco
Size
288,000 employees
Market Cap
$201.7 billion
Industry
Net Income
$4.3 billion
Founded
1983
5 Year Trend
+12%
Revenue
$178.6 billion
NASDAQ

Similar Jobs

More Jobs at Costco

More Information Technology Jobs

Find similar Director - Threat Exposure Management jobs: