Did you know?
Costco, the second largest retailer in the US, with operations in eight countries, needs technology leaders to join our IT division. We are in the midst of explosive worldwide growth and your IT skills can make an immediate contribution. With our rapid technology change and growth, we offer great career opportunities in a family atmosphere where our employees thrive. At Costco, the quality you see in our warehouses is reflected in every area of our business and we are widely recognized for our commitment to our employees.
Description of position
The role of every Information Security team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical and regulatory obligations; protecting member privacy; and maintaining a security technology environment for our operations. The Information Security Analyst provides consultative services; works with vendors for product consideration and recommendation; performs monitoring and auditing of information system activities; creates and maintains documentation related to policies, standards and procedures; and mentors team members with lesser subject matter expertise.
Tasks and responsibilities
- Perform the project manager role on security-related projects
- Assess and/or design centralized user and configuration management systems
- Perform and/or coordinate regular security assessments of existing or new infrastructure
- Perform duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction
- Work with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with Costco’s Information Security Policy
- Assist with monitoring and auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments and system monitoring reports
- Develop and maintain centralized information systems security standards, procedures, and guidelines
- Work with stakeholders to provide security solutions that support their business requirements
- Identify, develop, and implement mechanisms to detect security incidents in order to enhance compliance with and support of security standards and procedures in place
- Conduct security risk assessments on new products and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices
- Respond to discovered security incidents by informing appropriate custodians, determining root cause, and identifying and executing remedial actions (if necessary) required to re-establish respective information system security
- Coordinate activities or engagements with loss prevention, interact with legal and law enforcement as required
Required skills, abilities, and certifications
- A Bachelor’s degree in Computer Science or a minimum of 2 to 4 years of information systems security or related data processing auditing experience.
- One or more professional audit or security certifications such as CISA or CISSP (or equivalent experience).
- Experience with firewalls, routers, load balancers and DMZ silos
- Ability to work effectively, independent of assistance or supervision
- Innovative, creative, and extremely responsive with a strong sense of urgency
- Willing to share knowledge and assist others in understanding technical and business topics.
- Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays
- Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
- Demonstrated experience of “hands on” security knowledge of one or more of the following platforms: Windows or UNIX (preferably AIX)
- Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.
- Ability to clearly communicate Information Security matters to executives, auditors and end users
- Experience with tools such as Nmap, Netcat and Enum
- Experience with DNS, NTP and TACACS, IDS, IPS and various SIEMs
- Working knowledge of protocols such as TCP, UDP, SSL, FTP, SMTP, NetBIOS and DHCP.
- Ability to interpret information security data and processes to identify potential compliance issues
- Ability to quickly understand security systems in order to identify and validate security requirements
Recommended skills and capabilities
- Must be proficient in Microsoft software: Outlook 2003, Word, Excel, PowerPoint, and SharePoint
- Experience with performing vulnerability scans and assessments as well as computer forensics
- Familiarity with SOA governance and policy management best practices
To Apply: Email your current resume to http://tbe.taleo.net/NA1/ats/careers/jobSearch.jsp?org=COSTCO&cws=1 If hired, you will be required to provide proof of authorization to work in the United States. Employment is contingent upon successfully passing a pre-employment drug test and background check.