85 applicants

Company

Original Job Post

Costco Wholesale · 4 days ago

Security Analyst - Cyber Fraud and Digital Risk

Seattle, WA

Full-time

Hybrid

Entry, Mid Level

$150K/yr - $195K/yr

3+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

E-CommerceRetail

Comp. & Benefits

Insider Connection @Costco Wholesale

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Provides security and technical expertise to support the development of security objects to satisfy business requirements.

Analyzes and administers security policies to control physical and virtual system access.

Identifies and investigates security issues and develops security solutions that address compliance requirements that can/do impact security.

Identifies, develops, and implements mechanisms to detect security incidents in order to enhance compliance and support of the security standards and procedures.

Assesses business role requirements, reviews authorization roles, and supports authorizations.

Demonstrates a comprehensive skill set with testing authorizations for multiple environments and coordinates testing with business/technical users.

Validates system configurations to ensure the safety of information systems assets and protects information systems from intentional or inadvertent access or destruction.

Implements best practice when applying knowledge of information systems security standards/practices (e.g. access control and system hardening, system audit and log file monitoring, security policies, and incident handling).

Designs and coordinates activities/engagements with other departments (loss prevention, legal, networking, etc.).

Identifies security gaps that expose Costco to potential exploit and develop short and long term prioritized remediation to address those gaps.

Develops and executes security controls, defenses, and countermeasures to intercept and prevent internal/external data infiltrations.

Determines strategy and protocol for network behavior, analysis techniques, and tool implementation.

Identifies and resolves problems often anticipating issues before they occur or before they grow; develops and evaluates options; and implements solutions that support the business.

Provides subject matter expertise in systems security policies, standards/practices, protocols, and technologies.

Configures, deploys, maintains, and supports security tools.

Protects confidentiality, integrity, and availability of information from being disclosed to unauthorized parties.

Creates dashboards, configures alerts, implements and supports security software platforms, and monitors tools/apps.

Identifies opportunities for streamlining, and increasing effectiveness through continuous process improvement.

Implements practices, processes, and procedures consistent with Costco's information security policy and IT standards.

Develops and documents security events and incident handling procedures into Playbooks.

Ensures that incident documentation is comprehensive, accurate, and complete.

Triages, prioritizes, investigates, and coordinates security events and incident handling activities.

Creates threat models and penetration test scopes to support security testing and red team.

Performs project and solution security assessments for existing and new applications and infrastructure.

Facilitates penetration test engagements using a penetration testing methodology and framework.

Prepares access and permissions for penetration test engagements.

Works with information systems custodians (i.e., department managers, user community, and systems administrators) at different levels in the organization to understand their respective security needs; and assists with implementing practices and procedures consistent with Costco’s Information Security Policy and industry standards.

Assists with auditing of information systems activities and systems to confirm information security policy compliance; and provides management with security policy compliance assessments.

Works with stakeholders to identify security solutions that support their business requirements.

Partners with other Information Security groups to conduct security risk assessments on new solutions and systems, periodic security risk assessments on existing systems; and identifies and/or recommends appropriate security countermeasures and best practices.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Threat modelingSecurity assessmentsEvaluating mitigating controlsEcommerceCyber fraudNetworking technologiesFirewallsRoutersLoad balancersProxiesInformation systems security standardsAccess controlSystem hardeningSystem auditLog file monitoringSecurity policiesIncident handlingSDLC methodsWaterfallSCRUMAgileSecurity productsAnalysis of alternativesNetwork-based detective controlsOMSIPSSIEMsWeb technologiesInterpretation of security dataCompliance issues

Required

Experience with Threat Modeling, security assessments, and evaluating mitigating controls in the ecommerce and cyber fraud space.

Experience with networking technologies such as firewalls, routers, load balancers, and proxies.

Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling).

An understanding of and experience with multiple SDLC methods such as waterfall, SCRUM, and/or Agile.

Excellent verbal and written communication skills (facilitation, negotiation, conflict resolution) at all levels; ability to clearly communicate information in ways that can be easily understood by both technical and non-technical audiences.

Ability to translate technical ideas/designs to multiple audiences, including Executives.

Knowledge of a broad spectrum of security products and ability to conduct analysis of alternatives to onboard new enterprise capabilities.

Experience with network-based detective controls such as OMS, IPS, and various SIEMs.

Working knowledge of web technologies.

Ability to interpret information security data and processes to identify potential compliance issues.

Ability to quickly understand complicated data flows in order to identify and validate security requirements.

A team player; willingness to establish a strong positive working relationship with all areas of the business.

Ability to work effectively, independent of assistance or supervision.

Innovative, creative, and extremely responsive with a strong sense of urgency.

Ability to clearly communicate Information Security matters to Law Enforcement, Government entities, executives, auditors, end users, and engineers using appropriate language, examples, and tone.

Willingness to share knowledge and assist others in understanding technical and business topics.