Security Analyst - Cybersecurity Infrastructure - Vulnerability Scanning

Job Expired

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2018, Costco contributed over $39 million to organizations such as United Way and Children’s Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale, the second largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the top five of Forbes “America’s Best Employers”.

The role of every Cybersecurity Infrastructure team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical, and regulatory obligations; protecting members’ and employees’ privacy; and maintaining a security technology environment for our operations.

This Security Analyst position will be a member of the Cybersecurity Infrastructure – Vulnerability Scanning team that will perform configuration, troubleshooting, monitoring, and auditing of information system activities utilizing multiple security related tools to ensure security best practices are enforced; create and maintain documentation related to policies, standards, and procedures; mentor team members; and provide consultative services to teams and stakeholders to improve the vulnerability scanning of their environments.

The Analyst should have in-depth working experience and knowledge of vulnerability assessment methodologies and tools such as Tenable, Qualys, or Tanium. They should have solid skills in Windows and Linux, and familiarity with networks; and have in-depth knowledge and work experience with security best practices.

If you want to be a part of one of theBEST “to work for” companies in the world, simply apply and let your career be reimagined.

ROLE

Works analytically to solve both tactical and strategic problems within the vulnerability management program.
Plans, develops, configures, and executes vulnerability scans using tools such as Tenable, Qualys, or Tanium on a wide variety of global corporate and business information systems both on prem and cloud based.
Collects and aggregates information from a wide variety of sources and formats for relevance to our environment; monitors and provides metrics on threat level of vulnerabilities.
Identifies attack surface reduction opportunities through vulnerability data analysis.
Establishes rapport with other IS teams to mature the vulnerability management program.
Contributes and participates in team activities and planning in regards to improving team skills, awareness, communication, reputation, and quality of work.
Collaborates and communicates with Compliance, Internal Audit, the Business teams, and others to identify, analyze, and communicate risk; and provides support around vulnerability management within their business requirements.
Identifies, develops, and implements mechanisms to detect vulnerabilities and how they may lead to corporate incidents in order to enhance compliance with and support of security standards and procedures.
Responds to tickets and incidents in a proactive manner.
Coordinates with the Incident Response team to remediate security incidents as needed.
Understands compliance requirements that may impact security and effectively collaborates with business areas and project teams to develop security solutions that address these requirements.
Assumes a leadership role in advocating internally and externally for compliance to security measures to protect corporate applications and environments.
Works with information systems owners and administrators to understand their security needs and assists with implementing practices and procedures consistent with Costco’s security policies.
Builds and maintains supplier partnerships to further Costco’s mission and goals.
Maintains current knowledge of industry trends and standards.
Creates and maintains environmental documentation, tasks, change records, etc.

REQUIRED

3+ years’ experience in security in an enterprise environment.
Hands-on experience with vulnerability scanning tools or endpoint protection such as Tenable, Qualys, or Tanium.
Knowledge of the vulnerability management process including remediation planning.
Thorough understanding of security frameworks such as HIPAA, SOX, PCI, GDPR, CCPA, etc.
Experience with Windows, Linux, and networking environments.
Understands the OSI model, as well as IPv4/IPv6 protocol suite.
Knowledgeable with multi factor authentication and authentication processes and protocols – authentication services, as well as PKI and token/certificate based authentication, DNS, and AD structure.
Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone.
Ability to quickly understand systems in order to identify and validate security requirements.
Understands security problems as a balance of both security and business needs.
Demonstrated logical and structured approach to time management and task prioritization in support of team work goals.
Demonstrated high level of communication skills, both verbal and written.
Proactively pursues professional growth in the areas of technology, business knowledge, and Costco policies and platforms.
Strong analytical skills, documentation skills, and awareness of change management.
Ability to adapt to changing priorities.
Possesses a strong collaborative mindset; able to function as a contributing member of the team.
Ability to handle highly confidential information in a strictly professional manner.
Scheduling flexibility to meet the needs of the business.

Recommended

Experience with one or more scripting languages.
Experience with patching or remediation.
Experience in endpoint protection tools helpful.
Experience developing and reporting enterprise level metrics.
Experience with Power BI.
One or more professional audit or security certifications such as CISA, GSEC or CISSP (or equivalent experience).
General knowledge of scalable multi-tier enterprise-level applications.
General cloud and networking knowledge.
Experience with technologies such as TCP, UDP, NMAP, DNS, SSL, FTP, SMTP, NetBIOS, DHCP, NGFW, and SIEMs.
Familiarity ITILv2/v3 processes such as Service Support, Service Delivery, or Continual Service Improvement.
Familiarity with Kanban or Agile continuous improvement methodologies.

Required Documents

Cover Letter
Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.