Security Analyst - Cybersecurity Engineering - Email Security

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2021, Costco contributed over $58 million to organizations such as United Way and Children's Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale , the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks seventh in Forbes “World’s Best Employers” .

Security Analysts support the values and business goals as they relate to legal, ethical, and regulatory obligations; protect privacy; and maintain a secure technology environment. Security Analysts develop and execute security controls, defenses, and countermeasures to intercept and prevent internal/external attacks, infiltration of company data, and compromising of systems and accounts. Security Analysts research attempted/successful efforts to compromise systems security; design countermeasures; implement and maintain physical, technical, and administrative security controls; and provide information to management regarding the negative impact to the business.

The Security Analyst will be a member of the Cybersecurity Engineering - Email Security team that will support, maintain, and deploy tools and projects involving email security technologies. Additionally, perform auditing of information system activities; create and maintain documentation related to policies, standards, and procedures; and mentor team members. This role will involve working with many groups throughout IT both domestically and internationally.

If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.

ROLE

Provides security and technical expertise to support the development of security objects to satisfy business requirements.

Identifies and investigates security issues and develops security solutions that address compliance requirements that can/ do impact security.

Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations.

Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.

Protects confidentiality, integrity, and availability of information from being disclosed to unauthorized parties.

Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps.

Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.

Develops and documents security events and incident handling procedures into Playbooks.

Ensures that incident documentation is comprehensive, accurate, and complete.

Works analytically to solve both tactical and strategic problems.

Assesses centralized user and configuration management systems.

Performs and/or coordinates regular security assessments of existing or new infrastructure.

Analyzes network protocols, email flows, and/or architectural diagrams in conjunction with security policies and/or architectural strategies to ensure secure communications.

Creates and maintains network and system diagrams and other documentation.

Performs duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.

Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance with and in support of security standards and procedures.

Works with information systems custodians (i.e., department managers, user community, and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with Costco’s Information Security Policy.

Responds to discovered security incidents by informing appropriate custodians; determines root cause; and identifies and executes remedial actions (if necessary) required to re-establish respective information system security.

Assumes a leadership role in advocating internally and externally for compliance to security measures to protect Costco’s applications and environments.

Assists with auditing of information systems activities and systems to confirm information security policy compliance; and provides management with security policy compliance assessments.

Partners with other Information Security groups to conduct security assessments on new solutions and systems, periodic security risk assessments on existing systems, and identifies and/or recommends appropriate security countermeasures and best practices.

Maintains current knowledge of industry trends and standards.

REQUIRED

Willing to share knowledge with co-workers and assist them in understanding technical and business topics.

Working knowledge of information systems security standards and practices (e.g., access control, system hardening, system auditing, log file monitoring, security policies, and incident handling).

Ability to understand email systems and troubleshoot mail flow.

Strong prioritization and investigative skills.

Familiarity with Domain Registration and management.

Working knowledge of networking protocols, web technologies, and cloud computing.

Ability to interpret information security data and processes to identify potential compliance issues.

Ability to quickly understand complicated data flows in order to identify and validate security requirements.

Must be a team player and willing to establish a strong positive working relationship with all areas of the business.

Ability to work effectively, independent of assistance or supervision.

Innovative, creative, and extremely responsive with a strong sense of urgency.

Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.

Recommended

A Bachelor’s degree in Computer Science or a minimum of five years’ of information systems security administration experience.

Working knowledge of mail flow in email platforms like Exchange, Gmail, etc.

One or more professional network and security certifications such as Security+, Network+, CCNA, GSEC, CISA or CISSP, or equivalent work experience.

Experience using and supporting SIEMs.

Experience performing computer forensics.

Familiarity ITILv2/v3 processes such as Service Support, Service Delivery, or Continual Service Improvement.

Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI.

Familiarity in a DevOps or DevSecOps environment.

Required Documents

• Resume
• Cover Letter

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Range:

$150,000 - $195,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected]

If hired, you will be required to provide proof of authorization to work in the United States.