Firm Name: Costco
Job Title: Application Security Analyst
Education Need: Graduate
Job Hours: 8
Payment: $20-$30/Hour
Job City: Seattle
Job Details:
- Costco IT is in charge of the company's technological future. Costco is the third-largest retailer in the world and has wholesale operations in 14 nations. We continue to foster a family-oriented work environment that supports the success of all of our employees despite the size of our business and our rapid international expansion. This is evidenced by Costco's seventh-place finish on Forbes' list of the "World's Best Employers."
- Given that this environment is unique in the high-tech world, Costco's culture is essential to the company's success. The value that Costco places on its employees is well-documented in articles from a variety of publishers, including Bloomberg and Forbes. Our team members and employees are given top priority. With numerous awards to its credit, Costco is well known for its generosity and dedication to the local community. The company supports numerous opportunities for charitable giving, which motivates its staff to actively volunteer.
- Join the Costco Wholesale IT family by reserving your spot today. At Costco IT, a dynamic and fast-paced environment, an exciting transformation is currently underway. We are developing the next-generation retail environment, where you will be surrounded by devoted and highly skilled workers.
- In order to support Costco's overarching values and business goals, each member of the information security team is accountable for upholding all legal, ethical, and regulatory requirements, protecting member privacy, and maintaining a secure technological environment for our operations.
- Security analysts support organizational goals and values in accordance with legal, moral, and regulatory requirements. Additionally, they protect privacy and uphold a safe digital environment. Security analysts design and implement security defenses, countermeasures, and controls to thwart intrusions into corporate data, internal and external attacks, and compromises of systems and accounts. Security analysts investigate attempted and successful efforts to compromise system security, design countermeasures, implement and maintain physical, technical, and administrative security controls, and inform management of the negative effects on the business's operations.
- Using a variety of application security testing tools, this Application Security Analyst position configures, troubleshoots, monitors, and audits information system activities to guarantee that security best practices are adhered to. In order to improve application security in various stakeholders' environments, it also keeps documentation of policies, standards, and procedures updated, mentors team members, and provides consultative services to teams. Another duty of the security analyst position is to consult with suppliers about products and make recommendations for them.
- In particular, this security analyst should have substantial professional experience with, and an understanding of, application-specific testing methodologies and vulnerabilities. Additionally, a successful candidate needs a strong understanding of Windows and the cloud, and comprehensive knowledge of industry-accepted security best practices.
- If you would like to work for one of the BEST companies in the world, just apply and let your career be reimagined.
ROLE.
- Employs analytical thinking to find answers to tactical and strategic problems in the Application Security program.
- Collects information from a range of sources and formats, assesses its applicability to our environment, and offers metrics for the threat levels related to vulnerabilities.
- Supports the configuration, alteration, and management of application security tools.
- Provides recommendations for corrective actions and guidelines for addressing vulnerabilities unique to particular applications.
- Enables static and dynamic testing through automated or manual testing procedures throughout the SDLC; integrates new and existing applications and websites into application security tooling platforms.
- Develops a working relationship of trust with other IS teams in order to advance the Application Security program.
- Participates in and contributes to the team's planning and activities aimed at improving the group's knowledge, abilities, and communication as well as the group's reputation and level of output.
- Works with development teams to incorporate the best application security practices into CI/CD pipelines.
- Collaborates and communicates well with Compliance, Internal Audit, Business teams, and others when identifying, analyzing, and communicating risk related to application security to support business requirements.
- Proactively responds to incidents, support requests, and tickets.
- Assists the Incident Response team as needed in addressing security incidents.
- Recognizes how regulatory and compliance requirements may impact security and collaborates effectively with project teams and business units to create security solutions.
- Acknowledges that solutions to security problems must strike a balance between business and security requirements.
- Encourages the use of security and compliance measures to protect corporate settings and applications from both internal and external threats.
- Works with information system owners and administrators to comprehend their security requirements in order to help implement practices and procedures that are in line with Costco's security policies.
- Establishes and maintains supplier relationships to further Costco's goals and mission.
- Maintains an up-to-date understanding of industry standards and trends.
- Creates and keeps up-to-date environmental documentation, including tasks, change records, processes, and procedures.
- Maintains a high level of professional development in the areas of technology, business savvy, and Costco platforms and policies.
REQUIRED.
- At least two years of experience working in a cybersecurity position in an office setting is preferred.
- Practical experience with application security testing techniques such as SAST, DAST, MAST, and SCA.
- Practical knowledge of static and/or dynamic code scanning and of taking corrective action.
- Practical knowledge of vulnerability management strategies.
- Familiarity with the OWASP Top 10 and CIS 18 lists.
- Familiarity with the most common risk rating techniques used in the field.
- A practical understanding of the concepts and procedures underlying Agile development, particularly Scrum and Kanban.
- Comprehensive knowledge of DevOps and SDLC concepts, including CI/CD pipelines.
- Knowledge of Azure's cloud computing and services.
- Knowledge of cutting-edge application platforms, including Java EE and the .NET framework.
- Knowledge of programming languages (e.g., REST, SOAP, GraphQL, etc.).
- An in-depth knowledge of security regulations like PCI, HIPAA, GDPR, etc.
- Familiarity with networking environments, Linux, and Windows.
- Practical knowledge of information system security policies and practices (e.g., access control, system hardening, log file monitoring, system auditing, security guidelines, and incident response).
- The ability to communicate information security issues to executives, auditors, end users, and engineers in a way that is appropriate in terms of language, tone, and examples.
- The ability to explain vulnerability-finding methods to users of all technical and non-technical backgrounds.
- The ability to quickly understand systems in order to identify and validate security needs.
- A methodical, organized approach to setting priorities and managing time to further the team's goals.
- Outstanding communication skills in both writing and speaking.
- Strong analytical skills, knowledge of change management, and strong documentation skills.
- Strong collaborative mindset; capacity to contribute as a valuable team member; ability to support and promote team collaboration and communication.
- The flexibility to adjust course when priorities change.
- A track record of handling sensitive and highly private information with professionalism.
- Flexible scheduling to meet business needs, including after regular business hours; it might even be possible to work around the clock to accommodate all Costco locations.
Recommended.
- One or more professional audit or security certifications, such as Security+, CISA, GSEC, or CISSP (or equivalent experience).
- Expertise in at least one programming language.
- Understanding of managing vulnerabilities and patching.
- A comprehension of information security frameworks, like NIST, and how they support compliance while enhancing security.
- Programming expertise and manual code reviews.
- Familiarity with application development platforms, such as SonarQube, GitHub, Azure DevOps, and Jenkins.
- Understanding endpoint security software is useful.
- Knowledge of authentication procedures, protocols, and multi-factor authentication, as well as authentication services: PKI, token/certificate-based authentication, DNS, and AD architecture.
Required Paperwork.
- Resume.
- Curriculum vitae.
If you are a California applicant, kindly click here to view the Costco Applicant Privacy Notice.
Pay Ranges:
- Level 2 - $95,000 - $130,000.
- Level 3 - $125,000 - $165,000.
- Level 4 - $150,000 - $195,000.