Did you know?
Costco Wholesale is a multi-billion dollar global retailer with warehouse club operations in eight countries. We are the recognized leader in our field, dedicated to quality in every area of our business and respected for our outstanding business ethics. Despite our large size and explosive international expansion, we continue to provide a family atmosphere in which our employees thrive and succeed. We are proud to have been named by Washington CEO Magazine as one of the TOP THREE companies to work for in the entire state of Washington!
Description of position
The role of every Information Security team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical and regulatory obligations; protecting member privacy; and maintaining a security technology environment for our operations.
The Information Security Analyst provides consultative services, works with vendors for product consideration and recommendation, performs monitoring and auditing of information system activities, creates and maintains documentation related to policies, standards and procedures; and, mentors team members with lesser subject matter expertise.
Tasks and responsibilities
· Perform the project manager role on security-related projects.
· Assess and/or design centralized user and configuration management systems.
· Perform and/or coordinate regular security assessments of existing or new infrastructure.
· Perform duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
· Work with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with Costco’s Information Security Policy.
· Assist with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports.
· Develop and maintain centralized information systems security standards, procedures, and guidelines.
· Work with stakeholders to provide security solutions that support their business requirements.
· Identify, develop, and implement mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place.
· Conduct security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices.
· Respond to discovered security incidents by informing appropriate custodians, determine root cause, and identify and execute remedial actions (if necessary) required to re-establish respective information system security.
· Coordinate activities or engagements with loss prevention, interact with legal and law enforcement as required.
Required skills, abilities, and certifications
· A Bachelor’s degree in Computer Science or a minimum of 2 to 4 years of information systems security or related data processing auditing experience.
· One or more professional audit or security certifications such as CISA or CISSP (or equivalent experience).
· Experience with firewalls, routers, load balancers and DMZ silos.
· Ability to work effectively, independent of assistance or supervision.
· Innovative, creative, and extremely responsive with a strong sense of urgency.
· Willing to share knowledge and assist others in understanding technical and business topics.
· Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays.
· Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
· Demonstrated experience of “hands on” security knowledge of one or more of the following platforms: Windows or UNIX (preferably AIX).
· Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.
· Ability to clearly communicate Information Security matters to executives, auditors and end users.
· Experience with tools such as NMAp, NetCat and Enum.
· Experience with DNS,NTP and TACACS, IDS, IPS and various SIEMS.
· Working knowledge of protocols such as TCP, UDP, SSL, FTP, SMTP, NetBIOS and DHCP.
· Ability to interpret information security data and processes to identify potential compliance issues.
· Ability to quickly understand security systems in order to identify and validate security requirements.
Recommended skills and capabilities
· Must be proficient in Microsoft software: Outlook 2003, Word, Excel, PowerPoint, and SharePoint.
· Experience with performing vulnerability scans and assessments as well as computer forensics.
· Familiarity with SOA governance and policy management best practices.
To Apply: Email your current resume to IT_JOBS@costco.com . If hired, you will be required to provide proof of authorization to work in the United States.
Costco Wholesale is a multi-billion dollar global retailer with warehouse club operations in eight countries. We are the recognized leader...