Quality Engineers are core delivery team members responsible for the validation of functional and non-functional requirements implemented by a team. They are responsible for decomposing the functional and technical requirements created by Product Owners and Systems Analysts into test scripts. Quality Engineers raise defects as issues are identified and support the remediation process with teams.

The Application Security Engineer will work closely with stakeholders in Security, Engineering, Dev Ops, and other leaders within Costco Travel. The Engineer will be responsible for the overall security of our applications and services/APIs. This role has specific focuses on application security, vulnerability scanning, vulnerability scan outputs, and the tools and methodologies used.

This Engineer will identify gaps and inefficiencies within the vulnerability management program, and will work with the team to implement solutions. The Engineer will ensure security best practices are enforced. They will mentor team members and provide consultative services to teams and stakeholders to ensure the security of our applications.

ROLE
• Serves as a subject matter expert for application security, vulnerability management, and vulnerability scanning.
• Supports and consults with product and development teams in the area of application security.
• Assesses applications for vulnerabilities in web UIs and APIs.
• Provides manual application secure code reviews.
• Works analytically to solve both tactical and strategic problems within the vulnerability management program.
• Identifies attack surface reduction opportunities through vulnerability data analysis from enterprise custom and COTS applications.
• Collaborates and communicates with Compliance, External auditors, and Business teams.
• Understands compliance requirements that may impact security, and effectively collaborates with business areas and project teams to develop security solutions that address requirements.
• Advocates for compliance and security measures, both internally and externally, to protect corporate applications and environments.
• Maintains current knowledge of industry trends and standards; proactively pursues professional growth in the areas of technology, business knowledge, and Costco policies and platforms.
• Regular and reliable workplace attendance at your assigned location.

REQUIRED
• 4+ years' experience in security in an enterprise environment.
• 2+ years' experience with software development with Java or any other Object-Oriented Language.
• Knowledgeable in remediation activities at the code or script level, including fixing vulnerabilities or defects.
• Demonstrated experience with Java programming, development practices, and common bug patterns.
• Familiar with application vulnerability/security frameworks and standards such as OWASP Top 10, SANS Top 20, CVE,
• CWE, CVSS, etc.
• Experience with vulnerability management processes including scanning, reporting, and remediation planning.
• Understanding of software development lifecycle and integrating application security into a CI/CD pipeline.
• Experience with revision control systems and the agile process using ADO, Git, or similar agile code system functions (Pull, Fetch, Push, Sync).
• Strong verbal and written communication skills.
• Ability to clearly communicate Information Security matters to Executives, Auditors, End -Users, Analysts, Peers, and Engineers, using appropriate language, examples, and tone.
• Experience identifying and validating security requirements for software.
• Experience working with software development teams.
• Realistic outlook that understands security problems as a balance of both security and business needs.
• Demonstrated logical and structured approach to time management and task prioritization in support of team work goals.
• Strong analytical skills, documentation skills, and awareness of change management; ability to adapt to changing priorities.
• Strong collaborative mindset and able to function as a contributing member of the team.
• Ability to handle highly confidential information in a strictly professional manner.

Recommended
• 2+ years' experience in working with DevOps engineer in an enterprise environment.
• Experience with one or more scripting or development languages.
• Experience coding, implementing custom software solutions, and supporting them in production environments.
• General cloud knowledge.
• Familiarity with agile continuous improvement methodologies.
• Experience developing and reporting enterprise level metrics.
• Proficient in Microsoft Workspace applications, including Outlook, Word, Excel, PowerPoint, and Teams.

Required Documents
• Cover Letter
• Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Ranges:

Level 2: $105,000 - $135,000

Level 3: $130,000 - $160,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.