IT Security Analyst - Voted Best Place to Work in the US

Costco Travel - Issaquah, WA (30+ days ago)4.2

The secret of Costco’s success is its culture. The value Costco and Costco Travel puts on its employees is well documented in articles from a variety of publishers including Bloomberg. At Costco Travel IT we pride ourselves in our small, nimble teams that collaborate on common problems across products and focus areas.

As a result, your exposure to broad sets of problems gives you diverse technical challenges as well as accelerated technical and career growth. We are passionate about software quality and constantly advocating for our customers.

As a Security Analyst, you will have broad responsibilities for supporting the overarching values and business goals of Costco Travel as they relate to meeting legal, ethical and regulatory obligations; protecting member privacy; and maintaining a security technology environment for our operations. The Security Analyst provides consultative services, works with vendors for product consideration and recommendation, performs monitoring and auditing of information system activities, creates and maintains documentation related to policies, standards and procedures, evaluates and recommends security controls and performs security risk assessments.

  • Monitor and audit compliance with vulnerability management standards and policies.
  • Coordinate regulatory and industry compliance activities with internal and external organizations.
  • Establish and assist with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports.
  • Perform and/or coordinate regular security assessments of existing or new infrastructure.
  • Perform duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
  • Work with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with Costco’s Information Security Policy.
  • Develop and maintain centralized information systems security standards, procedures, and guidelines.
  • Work with stakeholders to provide security solutions that support their business requirements.
  • Identify, develop, and implement mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
  • Conduct security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices.
  • Respond to discovered security incidents by informing appropriate custodians, determine root cause, and identify and execute remedial actions (if necessary) required to re-establish information system security.
  • Provide 24 X 7 On-Call support as needed
  • 4+ years of verifiable Information Security related experience.
  • Demonstrate the ability to clearly communicate Information Security matters (risks, threats, and vulnerabilities, etc.) to both technical and non-technical audiences (including executives, auditors, and end users).
  • Ability to interpret information security data and processes to identify potential compliance issues.
  • Ability to quickly understand security systems in order to identify and validate security requirements.
  • Knowledge and understanding of PCI, GDPR, SOX, and other regulatory directives.
  • Experience implementing vulnerability scanning technologies and performing vulnerability scans and assessments utilizing tools such as Nessus.
  • Demonstrate strong understanding of Windows, Unix/Linux, networking, telephony, and wireless security skills.
  • Experience administering and using at least three of the following technologies: IDS/IPS systems, security information and event correlations systems, DLP products, endpoint security technologies, encryption technologies, penetration testing tools, firewalls, content filtering, anti-virus, Web Application Firewalls, and secure code application development and testing tools.
  • Strong working knowledge of network topologies and protocols (such as TCP, UDP, TLS, SFTP, SMTP, NTP, NetBIOS and DHCP).
  • Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
  • Must be self-motivated and able to coordinate with others to implement changes.
  • Ability to manage and prioritize multiple tasks, projects and ability to work with little or no supervision.
  • Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays.
  • CISSP, GIAC, SANS or equivalent security certifications desired.
  • Experience with Security testing of enterprise networks.
  • Experience with tools such as NMAp, NetCat and Enum.
  • Experience with packet sniffers and analysis of packet captures in support of security event research and analysis.
  • Experience with current web-server security and maintenance (Apache, IIS, Java, etc.).
  • Experience with web application security, secure coding and OWASP.
  • Excellent problem determination/troubleshooting and analytical skills.
  • Experience with penetration testing tools, leading incident response teams, and ethical hacking techniques.
  • Experience using forensic tools and performing forensic collections.
Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas. If hired, you will be required to provide proof of authorization to work in the United States. Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. NO EXTERNAL RECRUITERS OR VENDORS PLEASE. WE ARE ONLY HIRING IN THE SEATTLE REGION FOR THIS ROLE.