This is an environment
unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2018, Costco contributed over $39 million to organizations such as United Way and Children's Miracle Network Hospitals.
Costco IT is responsible for the
technical future of Costco Wholesale, the second largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the
top five of Forbes “America’s Best Employers”.
The role of every Cybersecurity Infrastructure team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical and regulatory obligations, protecting member’s and employee’s privacy, and maintaining a security technology environment for our operations.
The Security Analyst will be a member of the Cybersecurity Infrastructure - Security Logging team that will support, maintain, and develop tools and projects involving log collection technologies with the primary focus on logs necessary for the Security Operations Center to carry out its mission. The Analyst should have in-depth knowledge of logging software and tools. They will: perform auditing of information system activities; create and maintain documentation related to policies, standards and procedures; mentor team members with lesser subject matter expertise. This will involve working with many groups throughout IT both domestically and internationally.
Additionally, this Analyst will possess in-depth working experience and knowledge of logging methodologies and tools such as Syslog, agent based configurations in both a Linux and Windows enterprise environment, log routing, relays, forwarding, centralized collection and parsing. They should have solid skills in Windows and Linux, and work experience with security best practices.
If you want to be a part of one of the
BEST “to work for” companies in the world, simply apply and let your career be reimagined.
ROLE
- Works analytically to solve both tactical and strategic problems.
- Assesses device and configuration management systems.
- Performs and/or coordinates regular security assessments of existing or new infrastructure.
- Analyzes network protocols, data flows, architectural diagrams, and/or network traffic flows in conjunction with security zones and/or architectural strategies to ensure secure communication of data.
- Creates and maintains network and system diagrams and other documentation.
- Performs duties necessary to assist in establishing practices and system configurations to ensure the safety of information systems assets and to protect information systems from intentional or inadvertent access or destruction.
- Works with information systems custodians (i.e., department managers, user community and systems administrators) at different levels in the organization to understand their respective security needs and assist with implementing practices and procedures consistent with Costco’s Information Security Policy.
- Assists with auditing of information systems activities and systems to confirm information security policy compliance and provide management with security policy compliance assessments.
- Partners with other Information Security groups to conduct security assessments on new solutions and systems, periodic security risk assessments on existing systems and identify and/or recommend appropriate security countermeasures and best practices.
Required
- Minimum of 3 - 5 years’ experience in security in an enterprise environment.
- Experience with networking technologies, such as firewalls, routers, switches, load balancers, and proxies.
- Experience with security logging and transport technologies such as Syslog, and agent based collection.
- Demonstrated experience of “hands on” security knowledge of one or more of the following platforms: Syslog, Splunk, ArcSight, ElasticSearch, Azure Log Analytics, Azure Sentinel, Azure Event Hub, etc.
- Working knowledge of information systems security standards and practices (e.g., access control, system hardening, system auditing, log file monitoring, security policies, and incident handling).
- Demonstrated experience of “hands on” security knowledge in Linux and Windows.
- Experience working with log formats such as CEF and LEEF.
- Demonstrated experience of “hands on” parsing of log events in multiple formats.
- Working knowledge of networking protocols, web technologies, and cloud computing.
- Ability to quickly understand complicated data flows in order to identify, validate, and correct security issues.
- Must be a team player and willing to establish a strong positive working relationship with all areas of the business.
- Ability to work effectively, independent of assistance or supervision.
- Innovative, creative and extremely responsive with a strong sense of urgency.
- Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers using appropriate language, examples, and tone.
Recommended
- One or more professional network and security certifications such as Security+, Network+, CCNA, GSEC, CISA or CISSP (or equivalent work experience).
- Experience with Automation and Orchestration in Azure.
- Experience with scripting languages such as PowerShell (Windows), Shell (Linux), Perl, etc. will be very beneficial.
- Familiarity with ITILv2/v3 processes such as Service Support, Service Delivery, or Continual Service Improvement.
- Familiarity with Regulatory Compliance and industry standards, such as HIPAA, SOX, and PCI.
- Familiarity working in a DevOps or DevSecOps environment.
Required Documents
California applicants, please click here to review the Costco Applicant Privacy Notice.
Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.