About Costco Wholesale:
Costco Wholesale is a multi-billion-dollar global retailer with warehouse club operations in eleven countries. They provide a wide selection of quality merchandise, plus the convenience of specialty departments and exclusive member services, all designed to make shopping a pleasurable experience for their members.

About Costco Wholesale India:
At Costco Wholesale India, we foster a collaborative space, working to support Costco Wholesale in developing innovative solutions that improve members’ experiences and make employees’ jobs easier. Our employees play a key role in driving and delivering innovation to establish IT as a core competitive advantage for Costco Wholesale.

Position Title: Security Engineer

Role Summary:
Security Engineers develop, design, implement, and integrate security systems used to safeguard enterprise assets against cyber-attack. Security Engineers drive innovation, influence delivery, and maximize performance. They deliver high-quality artifacts, develop and run security tests, and continuously tune security tools for optimization. Security Engineers identify gaps and inefficiencies and work with the business to implement solutions based on their requirements. As part of the Digital Site Security team, the DevOps Security Engineer will be focused on improving the security posture and delivery of new and enhanced security capabilities for Costco BC and BD properties.

Job Description:

Roles & Responsibilities:
- Provides security and technical expertise to create, implement, and support the development of security objects—including Fastly CDN configurations, custom VCL logic, and Terraform-managed resources—to satisfy business requirements
- Analyzes, builds, operates, and administers security policies to control physical and virtual system access and configurations, including on Fastly edge computing and cloud platforms
- Identifies and investigates security issues, leveraging multiple dashboards, alerting, and configuration management, to develop security solutions that address compliance requirements and mitigate risks
- Identifies, develops, and implements mechanisms (such as Fastly security features, custom VCL, and automated Terraform deployments) to detect security incidents in order to enhance compliance and support security standards and procedures
- Assesses business role requirements, reviews authorization roles, and supports authorizations, including integration with edge security platforms
- Demonstrates a comprehensive skill set with testing authorizations for multiple environments (on-premises, cloud, and edge); coordinates and conducts testing with business/technical users
- Defines and validates system configurations—using tools such as automated Terraform checks—to ensure the safety of information system assets and protect information from intentional or inadvertent access or destruction
- Implements best practices using information systems security standards/practices, including access control, system hardening, audit/log file monitoring, security policies, and incident handling
- Designs and coordinates activities/engagements with cross-functional teams (loss prevention, legal, networking, DevOps), especially when deploying edge security and automation
- Identifies security gaps—including in CDN, WAF, and API management layers—that may expose the business to exploitation, and develops prioritized remediation with available solutions
- Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal/external threats and data infiltrations
- Determines strategy and protocol for network behavior, analysis techniques, and tool implementation, including the use of observability and orchestration tools
- Identifies and resolves problems, often anticipating issues before they occur; develops and evaluates technical options—including edge and IaC (Infrastructure as Code) platforms—and implements scalable, secure solutions
- Provides subject matter expertise in systems security policies, standards, protocols, technologies, with a focus on CDN and NGWAF
- Creates dashboards, configures alerts, and implements/supports security software platforms to monitor tools and applications
- Identifies opportunities for streamlining and increasing effectiveness using automation, scripting, and continuous process improvement
- Develops and documents security events and incident handling procedures into Playbooks, including scenarios involving CDN security incidents and automated remediation
- Triages, prioritizes, investigates, and coordinates security events and incident handling activities
- Works with internal and external auditors, providing evidence for in-scope regulatory requirements
- Designs, configures, and maintains a range of security controls across different environments
- Partners with stakeholders and Security Architects to identify and implement security solutions that support business requirements, leveraging automation best practices
- Regular and reliable workplace attendance at your assigned location

Experience Required:
- 5+ years’ experience in Security Engineering, edge computing, Fastly experience
- Experience working with WAFs and CDNs such as Akamai and Fastly
- Experience in offensive security roles, such as penetration testing or ethical hacking
- Experience with Security Engineering of sites hosted in Public Cloud (Google, Azure)
- Proficiency in scripting and programming languages (e.g. Python, JS, Java, SQL, Terraform, VCL) for tool development and automation
- Strong understanding of operating systems, network protocols, and web application security
- Extensive experience with security tools and frameworks (e.g. Kasada, Microsoft DFP, Bloodhound, Cobalt Strike)
- Vast experience in performing code review to identify vulnerabilities
- A passion for cybersecurity and a commitment to staying current with emerging threats and industry trends

Minimum Qualifications:

Must Have Skills:
- Bachelor's/Master's degree or equivalent experience in Computer Science, Information Security, or a related field
- One or more professional network and security certifications such as Security+, Network+, CCNA, GSEC, CISA, or CISSP (or equivalent work experience)
- Experience performing computer forensics
- Familiarity with ITILv2/v3 processes such as Service Support, Service Delivery, or Continual Service Improvement
- Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI
- Familiarity in a DevOps or DevSecOps environment
- Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail
- Successful internal candidates will have spent one year or more on their current team

Job Title
Security Engineer [T500-24988]