Costco IT is in charge of ensuring the technical viability of Costco, the third-largest retailer in the world with wholesale operations in fourteen countries. We continue to foster a family-oriented environment where employees can thrive despite our size and quick international growth. For proof, take a look at Costco's ranking of seventh on Forbes' list of the world's best employers.
Given that this environment is unique in the high-tech world, Costco's culture is essential to the company's success. The value that Costco places on its staff is well-documented in articles from a variety of publishers, including Bloomberg and Forbes. Our priority is our members and staff. Costco is renowned for its generosity and dedication to the community, and it has won many awards for these traits. To motivate its staff to actively engage in volunteerism, the company supports a variety of charitable giving opportunities.
You are cordially invited by the Costco Wholesale IT family. A dynamic, quick-paced environment is the setting for the IT department at Costco as it undergoes exciting transformational projects. We are constructing a state-of-the-art retail space where you will be surrounded by devoted and expert staff.
Every member of the information security team must work to achieve Costco's overarching values and business goals, which includes upholding the organization's legal, ethical, and regulatory obligations, protecting member privacy, and maintaining a secure technological environment for business operations.
Security analysts protect people's privacy, maintain a secure technological environment, and uphold the company's values and objectives regarding its obligations under the law, ethics, and regulations. To prevent hacker attacks from the inside and outside, compromises of systems and accounts, and intrusions into company data, security analysts develop and implement security defenses, countermeasures, and controls. Security analysts are responsible for a variety of tasks, including investigating attempted and successful efforts to compromise system security, developing countermeasures, putting in place and maintaining physical, technical, and administrative security controls, and alerting management to the negative effects on the business's operations.
This Application Security Analyst position configures, troubleshoots, monitors, and audits information system activities using various application security testing tools to make sure security best practices are followed. To improve application security in various stakeholders' environments, it also keeps documentation of policies, standards, and procedures updated, mentors team members, and provides consultative services to teams. To evaluate and suggest products, the job of a security analyst also requires collaboration with suppliers.
Extensive work experience, familiarity with application-specific testing methodologies, and expertise in vulnerabilities are required for this security analyst position. A strong understanding of Windows and the cloud, and comprehensive workplace expertise in generally acknowledged security best practices, are other requirements for success.
If you want to work for one of the BEST companies in the world, just apply and let your career be reimagined.
ROLE.
Apply analytical thinking to tactical and strategic problems within the Application Security program.
Gathers and compiles data from various sources and data formats for relevance to our environment; monitors and provides metrics on the severity of vulnerability threats.
Assists in configuring, altering, and managing application security tools.
Provides guidance on how to fix application-specific vulnerabilities and on remediation techniques.
Enables static and dynamic testing through automated or manual testing procedures throughout the SDLC. Integrates new and existing applications and websites into application security tooling platforms.
Creates connections and works in conjunction with other IS teams to support the advancement of the Application Security program.
Enhances team awareness, knowledge, communication, reputation, and work quality by participating in team planning and activities.
Collaborates with development teams to include application security policies in CI/CD pipelines.
Collaborates and communicates effectively with Compliance, Internal Audit, Business teams, and others to support business requirements and to identify, analyze, and communicate risks related to application security.
Reacts promptly to incidents, support requests, and tickets.
Coordinates with the Incident Response team as necessary to handle security incidents.
Works effectively with business units and project teams to develop security solutions, with awareness of how regulatory and compliance requirements may impact security.
Acknowledges that business and security requirements must be balanced to solve security problems.
Encourages security and compliance measures both internally and externally to protect business environments and applications.
Works with information system owners and administrators to understand their security needs, and aids in the implementation of practices and procedures that are compliant with Costco's security policies.
Establishes and maintains supplier alliances to further the goals and mission of Costco.
Maintains current familiarity with industry standards and trends.
Creates and maintains environmental documentation, including tasks, change records, processes, and procedures.
Continues to advance professionally in the fields of technology, business savvy, and Costco platforms and policies.
REQUIRED.
At least two years of experience in a cybersecurity position in an office environment is preferred.
Practical experience with application security testing techniques like SAST, DAST, MAST, and SCA.
Practical knowledge of fixing errors found after scanning static or dynamic code.
Practical knowledge of vulnerability management techniques.
Familiarity with the OWASP Top 10 and CIS 18 lists.
An understanding of the commonly employed risk rating methodologies in the sector.
Knowledge of the concepts and methods used in agile development, such as Scrum or Kanban.
Exceptional understanding of CI/CD pipelines and SDLC concepts.
Knowledge of Azure's cloud computing and other services.
Knowledge of cutting-edge application platforms, including Java EE and the .NET framework.
Understanding of programming languages and Web Service technologies (e.g. GraphQL, SOAP, REST, etc.).
A thorough understanding of security regulations such as PCI, HIPAA, GDPR, etc.
Understanding of Windows, Linux, and networking environments.
Knowledge of real-world information system security policies and practices (e.g. guidelines for security, access control, system hardening, system audit, log file monitoring, and incident response).
Ability to communicate information security issues to executives, auditors, end users, and engineers using appropriate language, examples, and tone.
Ability to understand technical and non-technical descriptions of vulnerability-finding methods.
Capacity to quickly comprehend systems and identify and validate security requirements.
Demonstrated structured and logical approach to time management and task prioritization in support of team objectives.
Outstanding communication skills in both writing and speaking.
Strong analytical skills, knowledge of change management, and strong documentation skills.
Ability to foster and promote teamwork and communication; strong collaborative mindset; able to contribute significantly to the team.
Priorities may change.
A track record of handling sensitive and highly confidential information in a strictly professional manner.
Flexibility in scheduling to accommodate business requirements, including working outside of regular business hours; around-the-clock work is possible in order to accommodate all Costco locations.
RECOMMENDED.
One or more professional auditing or security certifications, such as Security+, CISA, GSEC, or CISSP (or equivalent experience).
Knowledge of one or more programming and scripting languages at an advanced level.
Knowledge of vulnerability and patch management.
An awareness of information security frameworks, such as NIST, and how they support compliance while enhancing security.
Programming knowledge, including manual code review.
A practical understanding of application development platforms like SonarQube, GitHub, Azure DevOps, and Jenkins.
Experience with endpoint security software is advantageous.
Knowledge of authentication procedures and protocols, multi-factor authentication, authentication services, PKI, token/certificate-based authentication, DNS, and AD architecture.