Job Description

Job Role : IT Security Analyst
Location: Costco Travel, Issaquah, WA
Full Time Role

Position Summary
Security Analysts support the values and business goals as they relate to legal, ethical, and regulatory obligations; protect
privacy; and maintain a secure technology environment. Security Analysts develop and execute security controls, defenses,
and countermeasures to intercept and prevent internal/external attacks, infiltration of company data, and compromising of
systems and accounts. Security Analysts research attempted/successful efforts to compromise systems security; design
countermeasures; implement and maintain physical, technical, and administrative security controls; and provide information to
management regarding the negative impact to the business.
The Security Analyst has broad responsibilities for supporting the overarching values and business goals of Costco Travel as
they relate to meeting legal, ethical, and regulatory obligations; protecting member privacy; and maintaining a secure
technology environment. The Security Analyst provides consultative services, works with vendors for product consideration and
recommendation, performs monitoring and auditing of information system activities, creates and maintains documentation
related to policies, standards and procedures, evaluates and recommends security controls and performs security risk
assessments.

Job Duties/Essential Functions

Provides security and technical expertise to support the development of security objects to satisfy business requirements.
Analyzes and administers security policies to control physical and virtual system access.
Identifies and investigates security issues and develops security solutions that address compliance requirements that can/
do impact security.
Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance and support
of the security standards and procedures.
Assesses business role requirements, reviews authorization roles, and supports authorizations.
Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with
business/technical users.
Validates system configurations to ensure the safety of information systems assets and protects information systems from
intentional or inadvertent access or destruction.
Implements best practice when applying knowledge of information systems security standards/practices (e.g.access control
and system hardening, system audit and log file monitoring, security policies, and incident handling).
Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc.).
Identifies security gaps that expose Costco to potential exploit and develop short- and long-term prioritized remediation to
address those gaps.
Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal/external data
infiltrations.
Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.
Identifies and resolves problems often anticipating issues before they occur or before they grow; develops and evaluates
options; and implements solutions that support the business.
Provides subject matter expertise in systems security policies, standards/practices, protocols, and technologies.
Configures, deploys, maintains, and supports security tools.
Protects confidentiality, integrity, and availability of information from being disclosed to unauthorized parties.
Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps.
Identifies opportunities for streamlining, and increasing effectiveness through continuous process improvement.
Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.
Develops and documents security events and incident handling procedures into Playbooks.
Ensures that incident documentation is comprehensive, accurate, and complete.
Triages, prioritizes, investigates, and coordinates security events and incident handling activities.
Regular and reliable workplace attendance at your assigned location.
Ability to operate vehicles, equipment or machinery.
Computer, phone, printer, copier, fax
Non-Essential Functions
Assists in other areas of the department as necessary.
Assists in other areas of the company as necessary.
Ability to operate vehicles, equipment or machinery.
Same as Essential Functions

Experience, Skills, Education & Licenses/Certifications :

Required:

4+ years of verifiable Information Security related experience.
Demonstrate the ability to clearly communicate Information Security matters (risks, threats, and vulnerabilities, etc.) to both
technical and non-technical audiences (including executives, auditors, and end users).
Ability to interpret information security data and processes to identify potential compliance issues.
Ability to quickly understand security systems in order to identify and validate security requirements.
Knowledge and understanding of PCI, GDPR, SOX, CCPA and other regulatory directives.
Experience implementing vulnerability scanning technologies and performing vulnerability scans and assessments utilizing
tools such as Nessus.
Experience with Endpoint Detection and Response (EDR) technologies and processes.
Demonstrate strong understanding of Windows, Unix/Linux, networking, telephony, and wireless security skills.
Experience administering and using at least three of the following technologies: IDS/IPS systems, security information and
event correlations systems, DLP products, endpoint security technologies, encryption technologies, penetration testing
tools, firewalls, content filtering, anti-virus, Web Application Firewalls, and secure code application development and testing
tools.
Strong working knowledge of network topologies and protocols (such as TCP, UDP, TLS, SFTP, SMTP, NTP, NetBIOS and
DHCP).
Working knowledge of information systems security standards and practices (e.g., access control and system hardening,
system audit and log file monitoring, security policies, and incident handling).
Must be self-motivated and able to coordinate with others to implement changes.
Ability to manage and prioritize multiple tasks, projects and ability to work with little or no supervision.
Able to support off hours work as required including evenings, weekends, holidays.
Able to be team oriented and willing to assist other members when needed.

Recommended:

A Bachelor's degree or equivalent experience in Computer Science or related field.
CISSP, GIAC, SANS or equivalent security certifications desired.
Experience with Security testing of enterprise networks.
Experience with tools such as Nmap, NetCat and Enum.
Experience with File Integrity Management tools.
Experience with packet sniffers and analysis of packet captures in support of security event research and analysis.
Experience with current web-server security and maintenance (Apache, IIS, Java, etc.).
Experience with web application security, secure coding and OWASP.
Excellent problem determination/troubleshooting and analytical skills.
Experience with penetration testing tools, leading incident response teams, and ethical hacking techniques.
Experience using forensic tools and performing forensic collections.
Experience designing processes and creating policies and standards based on industry best practices.
Knowledge of cloud security practices and containerization concepts.
Understanding of risk management and risk evaluations of security or incident events.
Proficient in Microsoft Workspace applications, including Outlook, Word, Excel, PowerPoint, and Teams.
Successful internal candidates will have spent one year or more on their current team.
Other Conditions
Management will review the Job Analysis for this position prior to a job offer.

Job Tags

Similar Jobs