Cyber Security Analyst – Vulnerability Scanning

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2018, Costco contributed over $39 million to organizations such as United Way and Children’s Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale, the second largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the top five of Forbes “America’s Best Employers”.

The role of each Information Security team member is to support the overarching values and business goals of Costco, including meeting legal, ethical and regulatory obligations; protecting member privacy; maintaining a secure technology environment for our operations.

The Analysts perform configuration, troubleshooting, monitoring, and auditing of information system activities utilizing multiple security related tools to ensure security best practices are enforced; create and maintain documentation related to policies, standards and procedures; mentor team members with lesser subject matter expertise; provide consultative services to teams and stakeholders to improve the vulnerability scanning of their environments. Also works with vendors for product consideration and recommendation.

The Analyst should have in-depth working experience and knowledge of vulnerability assessment methodologies and tools such as Nessus or Qualys. They should have solid skills in Windows and Linux, and familiarity with networks in a Cisco environment, and have in-depth knowledge and work experience with security best practices.

If you want to be a part of one of the BEST “to work for” companies in the world, simply apply and let your career be reimagined.


  • Works analytically to solve both tactical and strategic problems within the vulnerability management program.
  • Plans, develops, configures, and executes vulnerability scans using tools such as Tenable-Nessus or Qualys Web Application Scanning on a wide variety of global corporate and business information systems, both on-prem and cloud-based.
  • Collects and aggregates information from a wide variety of sources and formats for relevance to our environment; monitors and provides metrics on threat level of vulnerabilities.
  • Identifies attack surface reduction opportunities through vulnerability data analysis.
  • Establishes rapport with other IS teams to mature the vulnerability management program.
  • Actively contributes and participates in team activities and planning in regards to improving team skills, awareness, communication, reputation, and quality of work.
  • Effectively collaborates and communicates with Compliance, Internal Audit, the Business teams and others to identify, analyze, and communicate risk and provides support around vulnerability management within their business requirements.
  • Identifies, develops, and implements mechanisms to detect vulnerabilities and how they may lead to corporate incidents in order to enhance compliance with and support of security standards and procedures.
  • Responds to tickets and incidents in a proactive manner.
  • Coordinates with Incident Response team to remediate security incidents as needed.
  • Understands compliance requirements that may impact security and effectively collaborates with business areas and project teams to develop security solutions that address these requirements.
  • Assumes a leadership role in advocating internally and externally for compliance to security measures to protect corporate applications and environments.
  • Works with information systems owners and administrators to understand their security needs and assists with implementing practices and procedures consistent with Costco’s security policies.
  • Builds and maintains vendor partnerships to further Costco’s mission and goals.
  • Maintains current knowledge of industry trends and standards.
  • Creates and maintains updated environmental documentation, tasks, change records, etc.


  • Minimum of 5 years’ experience in security in an enterprise environment.
  • Hands-on experience with vulnerability scanning tools or endpoint protection.
  • Knowledge of vulnerability management process including remediation planning.
  • Understanding of security frameworks such as PCI, HIPAA, GDPR, etc.
  • Experience with Windows, Linux, and networking environments.
  • Understands the OSI model, as well as IPv4/IPv6 protocol suite.
  • Knowledgeable about multi-factor authentication, authentication processes, protocols, and services, as well as PKI and token/certificate-based authentication, DNS, and AD structure.
  • Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
  • Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone.
  • Ability to quickly understand systems in order to identify and validate security requirements.
  • Understands security problems as a balance of both security and business needs.
  • Demonstrated logical and structured approach to time management and task prioritization in support of team work goals.
  • Demonstrated high level of communication skills, both verbal and written.
  • Proactively pursues professional growth in the areas of technology, business knowledge, and Costco policies and platforms.
  • Strong analytical skills, documentation skills and awareness of change management.
  • Ability to adapt to changing priorities.
  • Possesses a strong collaborative mindset, able to function as a contributing member of the team.
  • Ability to handle highly confidential information in a strictly professional manner.
  • Willingness to work outside of regular business hours, as required.


  • Experience with patching or remediation.
  • One or more professional audit or security certifications such as CISA, GSEC or CISSP (or equivalent experience).
  • General knowledge of enterprise-level applications such as SAP, etc.
  • General networking knowledge.
  • General cloud knowledge.
  • Experience with tools such as NMAP, DNS, NTP and Citrix, NGFW and various SIEMs.
  • Working knowledge of secure protocols and technologies such as TCP, UDP, SSL, FTP, SMTP, NetBIOS, and DHCP.
  • Familiarity with Kanban or Agile continuous improvement methodologies.
  • Experience in endpoint protection tools is helpful.
  • Experience developing and reporting enterprise level metrics.
  • Experience with Power BI.

Required Documents

  • Cover Letter
  • Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.
