Security Analysts support the values and business goals as they relate to legal, ethical, and regulatory obligations; protect privacy; and maintain a secure technology environment. Security Analysts develop and execute security controls, defenses, and countermeasures to intercept and prevent internal / external attacks, infiltration of company data, and compromising of systems and accounts. Security Analysts research attempted / successful efforts to compromise systems security; design countermeasures; implement and maintain physical, technical, and administrative security controls; and provide information to management regarding the negative impact to the business.
The role of every Information Security team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal and regulatory obligations; protecting member, employee and vendor privacy; and ensuring a technologically secure operating environment. Our Information Security Threat Analysts protect the integrity of Costco's network through aggressive detection and monitoring of potentially malicious behavior.
Job Duties / Essential Functions
Designs and coordinates activities / engagements with other departments (loss prevention, legal, networking, etc.).Identifies security gaps that expose Costco to potential exploit and develop short and long term prioritized remediation to address those gaps.Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal / external data infiltrations.Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.Researches current hacking techniques, vulnerability disclosures, data breach incidents, and performing security analysis techniques.Researches and analyzes cyber threat actor tactics, techniques, and procedures and / or data analysis skills.Produces intelligence reports for a variety of consumers.Monitors, analyzes, and remediates cybersecurity events by adhering to defined operating procedures; working problem tickets, escalating and creating cases as needed, communicating with stakeholders during investigations leveraging appropriate security tools (i.e. SIEM, Firewalls, IDS / IPS, EDR, AV, etc.), and having a strong understanding of different types of attacks that can occur.Participates in documenting SOPs, playbooks, identifying and reporting potential gaps in the environment that poses an overall risk to the company; adhering to compliance and privacy standards.Provides consultation and guidance to users aligning to best practices while supporting customer needs.Builds strong relationships with business partners and sister teams across the Information Security organization while promoting diversity and inclusion amongst the team, creating trusting relationships with team members and business partners and being a SME for other engineers on collaborative teams to provide expert knowledge on an ongoing basis.Models Costco's culture and values while demonstrating the aptitude and capability to learn new tools and performing responsibilities with the highest standards of ethics and integrity.Regular and reliable workplace attendance at your assigned location.Ability to operate vehicles, equipment or machinery.
Computer, phone, printer, copier, faxNon-Essential Functions
Assists in other areas of the department as necessary.Assists in other areas of the company as necessary.Ability to operate vehicles, equipment or machinery.
Same as Essential FunctionsExperience, Skills, Education & Licenses / Certifications
Required :
Experience with networking technologies, such as firewalls, routers, load balancers, and proxies.Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).Demonstrated experience of "hands on" security knowledge of one or more of the following platforms : Windows, Linux, UNIX, AIX, or iSeries.Experience with Threat Modeling, security assessments, and evaluating mitigating controls.Experience with network-based detective controls like IDS, IPS, and various SIEMs.Working knowledge of networking protocols.Working knowledge of web technologies.Ability to interpret information security data and processes to identify potential compliance issues.Ability to quickly understand complicated data flows in order to identify and validate security requirements.Must be a team player and willing to establish a strong positive working relationship with all areas of the business.Ability to work effectively, independent of assistance or supervision.Innovative, creative, and extremely responsive with a strong sense of urgency.Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.Willing to share knowledge and assist others in understanding technical and business topics.Recommended :
Bachelor's degree in Computer Science or a minimum of 3 to 5 years' of Information Systems security or related data processing auditing experience.Any of the following certs are recommended but not required : Certified Intrusion analyst (GCIAs), GIAC Certified Enterprise Defender (GCED), Certified Geographic Information Systems Professional (GISP), GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Security certification.Familiarity with SOA governance and policy management best practices.Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI.Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.Successful internal candidates will have spent one year or more on their current team.Other Conditions
Management will review the Job Analysis for this position prior to a job offer.Required Documents
Cover LetterResumeLast two performance reviewsAttendance records for current year (Do not include absences covered by paid sick / personal time,FMLA or other protected absences.)
California applicants, please click here to review the Costco Applicant Privacy Notice.
