Security Analyst

Overview Security Analyst – Costco Travel (Costco IT). Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world. The Security Analyst will support legal, ethical, and regulatory obligations; protect member privacy; and maintain a secure technology environment. Responsibilities Provides security and technical expertise to support the development of security objects to satisfy business requirements. Analyzes and administers security policies to control physical and virtual system access. Identifies and investigates security issues and develops security solutions that address compliance requirements. Identifies, develops, and implements mechanisms to detect security incidents to enhance compliance and support security standards. Assesses business role requirements, reviews authorization roles, and supports authorizations. Tests authorizations for multiple environments and coordinates testing with business/technical users. Validates system configurations to ensure the safety of information system assets and protects information systems from intentional or inadvertent access or destruction. Implements best practice when applying knowledge of information systems security standards/practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling). Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc.). Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations. Determines strategy and protocol for network behavior, analysis techniques, and tool implementation. Identifies and resolves problems, anticipates issues before they arise, evaluates options, and implements solutions that support the business. Provides subject matter expertise in systems security policies, standards/practices, protocols, and technologies. Configures, deploys, maintains, and supports security tools. Protects confidentiality, integrity, and availability of information from being disclosed to unauthorized parties. Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps. Identifies opportunities for process improvement and increased effectiveness. Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards. Develops and documents security events and incident handling procedures into playbooks. Ensures that incident documentation is comprehensive, accurate, and complete. Triages, prioritizes, investigates, and coordinates security events and incident handling activities. Identifies security gaps that expose Costco to potential exploit and develops short‑ and long‑term prioritized remediation plans. Required Qualifications 4+ years of verifiable Information Security related experience. Ability to clearly communicate Information Security matters to both technical and non‑technical audiences, including executives, auditors, and end‑users. Ability to interpret information security data and processes to identify potential compliance issues. Ability to quickly understand security systems in order to identify and validate security requirements. Knowledge of PCI, GDPR, SOX, CCPA, and other regulatory directives. Experience implementing vulnerability scanning technologies and performing vulnerability scans and assessments using tools such as Nessus. Experience with Endpoint Detection and Response (EDR) technologies and processes. Strong understanding of Windows, Unix/Linux, networking, telephony, and wireless security skills. Experience administering and using at least three of the following technologies: IDS/IPS, security information and event correlation, DLP, endpoint security, encryption, penetration testing tools, firewalls, content filtering, anti‑virus, Web Application Firewall, secure code application development and testing tools. Strong knowledge of network topologies and protocols (TCP, UDP, TLS, SFTP, SMTP, NTP, NetBIOS, DHCP). Working knowledge of information systems security standards and practices (access control, system hardening, audit and log file monitoring, security policies, incident handling). Self‑motivated and able to coordinate with others to implement changes. Ability to manage and prioritize multiple tasks and projects with little or no supervision. Able to support off‑hours work as required, including evenings, weekends, holidays. Able to be team oriented and willing to assist other members when needed. Recommended Qualifications Bachelor’s degree or equivalent experience in Computer Science or related field. CISSP, GIAC, SANS, or other security certifications preferred. Experience with security testing of enterprise networks. Experience with tools such as Nmap, NetCat, and Enum. Experience with File Integrity Management tools. Experience with packet sniffers and analysis of packet captures for security event research and analysis. Experience with current web‑server security and maintenance (Apache, IIS, Java, etc.). Experience with web application security, secure coding, and OWASP. Excellent problem determination, troubleshooting, and analytical skills. Experience with penetration testing tools, leading incident response teams, and ethical hacking techniques. Experience using forensic tools and performing forensic collections. Experience designing processes and creating policies and standards based on industry best practices. Knowledge of cloud security practices and containerization concepts. Understanding of risk management and risk evaluations of security or incident events. Proficient in Microsoft Workspace applications (Outlook, Word, Excel, PowerPoint, Teams). Required Documents Cover Letter Resume Pay Range Level 2 – $95,000–$130,000Level 3 – $125,000–$165,000 Benefits Paid time off Health benefits (medical, dental, vision, hearing aid, pharmacy, behavioral health, employee assistance) Health care reimbursement account Dependent care assistance plan Short‑term and long‑term disability insurance AD&D insurance Life insurance 401(k) Stock purchase plan for eligible employees EEO Statement California applicants, please click to review the Costco Applicant Privacy Notice.Costco is committed to a diverse and inclusive workplace. Costco is an equal‑opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT‑Recruiting@costco.com.If hired, you will be required to provide proof of authorization to work in the United States. In some cases, selected positions will not sponsor work authorization, including, but not limited to, H1‑B visas. #J-18808-Ljbffr