Costco Wholesale
Overview
Join to apply for the
IT Security Analyst - Costco Travel
role at
Costco Wholesale . Costco Travel IT is responsible for the
technical future of Costco Wholesale , the third largest retailer in the world with wholesale operations in fourteen countries. This environment is family, employee centric, and focused on transformation and growth. Costco Travel IT is a dynamic, fast-paced group building the next generation retail environment with dedicated and professional staff. Security Analysts
support the values and business goals related to legal, ethical, and regulatory obligations; protect privacy; and maintain a secure technology environment. Security Analysts develop and execute security controls, defenses, and countermeasures to intercept and prevent internal/external attacks, infiltration of company data, and compromising of systems. They research attempted or successful efforts to compromise systems security; design countermeasures; implement and maintain physical, technical, and administrative security controls; and provide management with information about the negative impact to the business. The
Security Analyst
has broad responsibilities for supporting Costco Travel’s values and business goals related to meeting legal, ethical, and regulatory obligations; protecting member privacy; and maintaining a secure technology environment. The role provides consultative services, works with vendors for product consideration and recommendation, performs monitoring and auditing of information system activities, creates and maintains documentation related to policies, standards and procedures, evaluates and recommends security controls, and performs security risk assessments. If you want to be part of one of the world’s best companies to work for, simply apply and let your career be reimagined. Role
Provides security and technical expertise to support the development of security objects to satisfy business requirements. Analyzes and administers security policies to control physical and virtual system access. Identifies and investigates security issues and develops security solutions that address compliance requirements. Identifies, develops, and implements mechanisms to detect security incidents to enhance compliance and support of security standards and procedures. Assesses business role requirements, reviews authorization roles, and supports authorizations. Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users. Validates system configurations to ensure the safety of information systems assets and protects information systems from unauthorized access or destruction. Implements best practices when applying knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling). Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc.). Identifies security gaps that expose Costco to potential exploit and develops short- and long-term remediation plans. Develops and executes security controls, defenses, and countermeasures to intercept and prevent data infiltrations. Determines strategy and protocol for network behavior, analysis techniques, and tool implementation. Identifies and resolves problems, anticipates issues, evaluates options, and implements solutions that support the business. Provides subject matter expertise in systems security policies, standards/practices, protocols, and technologies. Configures, deploys, maintains, and supports security tools. Protects confidentiality, integrity, and availability of information from unauthorized disclosure. Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps. Identifies opportunities for streamlining and continuous process improvement. Implements practices, processes, and procedures consistent with Costco’s information security policy and IT standards. Develops and documents security events and incident handling procedures into Playbooks. Ensures incident documentation is comprehensive, accurate, and complete. Triages, prioritizes, investigates, and coordinates security events and incident handling activities. Required
4+ years of verifiable Information Security related experience. Ability to clearly communicate Information Security matters to both technical and non-technical audiences (including executives, auditors, and end users). Ability to interpret information security data and processes to identify potential compliance issues. Ability to understand security systems quickly to identify and validate security requirements. Knowledge and understanding of PCI, GDPR, SOX, CCPA and other regulatory directives. Experience implementing vulnerability scanning technologies and performing vulnerability scans and assessments using tools such as Nessus. Experience with Endpoint Detection and Response (EDR) technologies and processes. Strong understanding of Windows, Unix/Linux, networking, telephony, and wireless security. Experience administering and using at least three of the following: IDS/IPS, SIEM, DLP, endpoint security, encryption, penetration testing tools, firewalls, content filtering, anti-virus, WAFs, secure code development/testing tools. Strong knowledge of network topologies and protocols (TCP, UDP, TLS, SFTP, SMTP, NTP, NetBIOS, DHCP). Working knowledge of information security standards and practices (e.g., access control and system hardening, system audit and log monitoring, security policies, incident handling). Self-motivated and able to coordinate with others to implement changes. Ability to manage and prioritize multiple tasks and work with little or no supervision. Willingness to support off-hours work as required (evenings, weekends, holidays). Team oriented and willing to assist other members when needed. Recommended
A Bachelor’s degree or equivalent experience in Computer Science or related field. CISSP, GIAC, SANS or equivalent security certifications desired. Experience with security testing of enterprise networks. Experience with tools such as Nmap, NetCat, and Enum. Experience with File Integrity Management tools. Experience with packet sniffers and analysis of packet captures in security event research and analysis. Experience with current web-server security and maintenance (Apache, IIS, Java, etc.). Experience with web application security, secure coding and OWASP. Strong problem solving and analytical skills. Experience with penetration testing tools, leading incident response teams, and ethical hacking techniques. Experience using forensic tools and performing forensic collections. Experience designing processes and creating policies and standards based on industry best practices. Knowledge of cloud security practices and containerization concepts. Understanding of risk management and risk evaluations of security or incident events. Proficient in Microsoft Office apps (Outlook, Word, Excel, PowerPoint, Teams). Required Documents
Cover Letter Resume California applicants, please review the Costco Applicant Privacy Notice. Pay Ranges Level 2 - $95,000 - $130,000 Level 3 - $125,000 - $165,000 We offer a comprehensive benefits package including paid time off, health benefits, health care reimbursement accounts, dependent care assistance, disability and life insurance, 401(k), stock purchase plan, and more. Costco is an equal opportunity employer. If you need assistance due to a disability during the application process, please contact IT-Recruiting@costco.com. If hired, you will be required to provide proof of authorization to work in the United States. Some positions may not be sponsored for work authorization. Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries Retail Referrals increase your chances of interviewing at Costco Wholesale.
#J-18808-Ljbffr
Join to apply for the
IT Security Analyst - Costco Travel
role at
Costco Wholesale . Costco Travel IT is responsible for the
technical future of Costco Wholesale , the third largest retailer in the world with wholesale operations in fourteen countries. This environment is family, employee centric, and focused on transformation and growth. Costco Travel IT is a dynamic, fast-paced group building the next generation retail environment with dedicated and professional staff. Security Analysts
support the values and business goals related to legal, ethical, and regulatory obligations; protect privacy; and maintain a secure technology environment. Security Analysts develop and execute security controls, defenses, and countermeasures to intercept and prevent internal/external attacks, infiltration of company data, and compromising of systems. They research attempted or successful efforts to compromise systems security; design countermeasures; implement and maintain physical, technical, and administrative security controls; and provide management with information about the negative impact to the business. The
Security Analyst
has broad responsibilities for supporting Costco Travel’s values and business goals related to meeting legal, ethical, and regulatory obligations; protecting member privacy; and maintaining a secure technology environment. The role provides consultative services, works with vendors for product consideration and recommendation, performs monitoring and auditing of information system activities, creates and maintains documentation related to policies, standards and procedures, evaluates and recommends security controls, and performs security risk assessments. If you want to be part of one of the world’s best companies to work for, simply apply and let your career be reimagined. Role
Provides security and technical expertise to support the development of security objects to satisfy business requirements. Analyzes and administers security policies to control physical and virtual system access. Identifies and investigates security issues and develops security solutions that address compliance requirements. Identifies, develops, and implements mechanisms to detect security incidents to enhance compliance and support of security standards and procedures. Assesses business role requirements, reviews authorization roles, and supports authorizations. Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users. Validates system configurations to ensure the safety of information systems assets and protects information systems from unauthorized access or destruction. Implements best practices when applying knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling). Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc.). Identifies security gaps that expose Costco to potential exploit and develops short- and long-term remediation plans. Develops and executes security controls, defenses, and countermeasures to intercept and prevent data infiltrations. Determines strategy and protocol for network behavior, analysis techniques, and tool implementation. Identifies and resolves problems, anticipates issues, evaluates options, and implements solutions that support the business. Provides subject matter expertise in systems security policies, standards/practices, protocols, and technologies. Configures, deploys, maintains, and supports security tools. Protects confidentiality, integrity, and availability of information from unauthorized disclosure. Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps. Identifies opportunities for streamlining and continuous process improvement. Implements practices, processes, and procedures consistent with Costco’s information security policy and IT standards. Develops and documents security events and incident handling procedures into Playbooks. Ensures incident documentation is comprehensive, accurate, and complete. Triages, prioritizes, investigates, and coordinates security events and incident handling activities. Required
4+ years of verifiable Information Security related experience. Ability to clearly communicate Information Security matters to both technical and non-technical audiences (including executives, auditors, and end users). Ability to interpret information security data and processes to identify potential compliance issues. Ability to understand security systems quickly to identify and validate security requirements. Knowledge and understanding of PCI, GDPR, SOX, CCPA and other regulatory directives. Experience implementing vulnerability scanning technologies and performing vulnerability scans and assessments using tools such as Nessus. Experience with Endpoint Detection and Response (EDR) technologies and processes. Strong understanding of Windows, Unix/Linux, networking, telephony, and wireless security. Experience administering and using at least three of the following: IDS/IPS, SIEM, DLP, endpoint security, encryption, penetration testing tools, firewalls, content filtering, anti-virus, WAFs, secure code development/testing tools. Strong knowledge of network topologies and protocols (TCP, UDP, TLS, SFTP, SMTP, NTP, NetBIOS, DHCP). Working knowledge of information security standards and practices (e.g., access control and system hardening, system audit and log monitoring, security policies, incident handling). Self-motivated and able to coordinate with others to implement changes. Ability to manage and prioritize multiple tasks and work with little or no supervision. Willingness to support off-hours work as required (evenings, weekends, holidays). Team oriented and willing to assist other members when needed. Recommended
A Bachelor’s degree or equivalent experience in Computer Science or related field. CISSP, GIAC, SANS or equivalent security certifications desired. Experience with security testing of enterprise networks. Experience with tools such as Nmap, NetCat, and Enum. Experience with File Integrity Management tools. Experience with packet sniffers and analysis of packet captures in security event research and analysis. Experience with current web-server security and maintenance (Apache, IIS, Java, etc.). Experience with web application security, secure coding and OWASP. Strong problem solving and analytical skills. Experience with penetration testing tools, leading incident response teams, and ethical hacking techniques. Experience using forensic tools and performing forensic collections. Experience designing processes and creating policies and standards based on industry best practices. Knowledge of cloud security practices and containerization concepts. Understanding of risk management and risk evaluations of security or incident events. Proficient in Microsoft Office apps (Outlook, Word, Excel, PowerPoint, Teams). Required Documents
Cover Letter Resume California applicants, please review the Costco Applicant Privacy Notice. Pay Ranges Level 2 - $95,000 - $130,000 Level 3 - $125,000 - $165,000 We offer a comprehensive benefits package including paid time off, health benefits, health care reimbursement accounts, dependent care assistance, disability and life insurance, 401(k), stock purchase plan, and more. Costco is an equal opportunity employer. If you need assistance due to a disability during the application process, please contact IT-Recruiting@costco.com. If hired, you will be required to provide proof of authorization to work in the United States. Some positions may not be sponsored for work authorization. Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries Retail Referrals increase your chances of interviewing at Costco Wholesale.
#J-18808-Ljbffr