Incident Response Threat Intelligence Engineer

Costco Wholesale Corporation Issaquah, WA 98029

Posted 2 months ago

This is an environment unlike anything in the high-tech world and the secret of Costco's success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. In 2018, Costco contributed over $39 million to organizations such as United Way and Children's Miracle Network Hospitals.

Costco IT is responsible for the technical future of Costco Wholesale, the second largest retailer in the world with wholesale operations in twelve countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco consistently ranks in the top five of Forbes "America's Best Employers".

If you want to be a part of one of the BEST "to work for" companies in the world, simply apply and let your career be reimagined.

The role of every Information Security team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical and regulatory obligations; protecting members' and employees' privacy; and maintaining a security technology environment for our operations. The Incident Response Threat Intelligence Engineer provides threat information to help identify threat actors and methods and to enable IT solutions to build effective controls against these threats; provides situational awareness to incident response; runs threat assessments for high-risk events (zero-days); supports proactive incident hunting in Costco Wholesale systems; advises on matters related to policies, standards and procedures; and mentors team members with lesser subject matter expertise. The Incident Response Threat Engineer develops, leads and monitors the Threat Intelligence Program.

Role

  • Ultimately this Engineer will develop/design/maintain the systems, tools and processes that support a team of threat intelligence analysts with varying threat intelligence discipline specializations, and to some extent mentor that team.

  • Identifies and assesses internal and external cybersecurity risks that threaten the security of Costco business operations.

  • Develops and formalizes effective threat identification and assessment processes, including maintaining playbooks for obtaining, monitoring, assessing, classifying severity, and responding to evolving threats and vulnerabilities.

  • Develops, maintains, and updates a repository of cybersecurity threat information that may be used in conducting risk assessments and report on cyber risk trends.

  • Conducts research and evaluates intelligence data, with specific emphasis on tactics, techniques, and procedures.

  • Turns threat information into actionable intelligence by integrating related Indicators of Compromise (IOC) into SIEM operations and incident response strategies.

  • Correlates threat data from various sources and analyzes network events to establish the identity and modus operandi of malicious users active in or posing potential threats to Costco Wholesale.

  • Develops and documents Threat Intelligence procedures into Playbooks.

  • Ensures that Threat Intelligence documentation is comprehensive and accurate, including completing all relevant fields in the case tracking database.

  • Reports security performance against established security metrics.

  • Works closely with various international Information Technology teams, state agencies and 3rd party vendors to develop a fuller understanding of the intent, objectives, and activity of cyber threat actors.

  • Coordinates activities or engagements with loss prevention and 3rd party security retainers, and interacts with legal and law enforcement as required.

  • Monitors Operation, Intelligence Analyst and Hunt Teams' work queues and metrics. Requests and releases team members to different roles as needed.

  • Identifies, develops, and implements mechanisms to detect security incidents and report on key metrics.

  • Identifies and improves security incident detection and monitoring capabilities.

  • Provides management and the IR team with a contextual snapshot of the Incident Response team challenges for multiple uses by the team and management.

  • Participates in the assessment, analysis and design of solutions for the Threat Intelligence Program.

  • Identifies gaps and recommends changes to the Incident Response Plan.

  • Provides subject matter expertise and leadership to develop the Threat Intelligence Program.

  • Provides mentoring and training on tools and processes to the Threat Intelligence Team and partners.

  • Regular and reliable workplace attendance at your assigned location.

Required:

  • Must have established threat intelligence or intelligence analysis experience.

  • Must have enough experience to make the technical and operational recommendations required to develop/enhance a Threat Intelligence program.

  • While the job certainly requires technical knowledge of information systems and information security as a field (systems engineering, forensics, pentesting, detection/response, etc.), excellent analytical abilities, strong technical writing skills and extensive data analysis experience are perhaps even more important.

  • A Bachelor's degree in Computer Science or a minimum of 10 years of information security experience with a focus on threat intelligence.

  • High degree of ethics/confidentiality required. May be required to pass security screening.

  • Ability to provide accurate analysis that minimizes bias and error.

  • Ability to develop processes and tools to effectively share actionable intelligence information.

  • Rule correlation evaluation and development experience highly recommended but not required.

  • Ability to work effectively, independent of assistance or supervision.

  • Ability to work under pressure in a highly team focused environment is required.

  • Innovative, creative, and extremely responsive, with a strong sense of urgency.

  • Willing to share knowledge and assist others in understanding technical and business topics.

  • Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays.

Recommended:

  • One or more professional security certifications such as CISSP (or equivalent).

  • Experience with scripting languages such as Python.

  • Familiarity with link analysis and data mining tools like Maltego.

  • Successful internal candidates will have spent one year or more on their current team.

Required Documents

  • Cover letter

  • Resume

To Apply: Use the link below to upload all required documents to

https://chm.tbe.taleo.net/chm02/ats/careers/v2/viewRequisition?org=COSTCO&cws=41&rid=3175

Apart from any religious or disability considerations, open availability is needed to meet the needs of the business. If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.



Similar Jobs

Incident Response Security Analyst 2801

Costco Wholesale Corporation

Posted 2 months ago

Description of position

The role of every Information Security team member is to support the overarching values and business goals of Costco Wholesale as they relate to meeting legal, ethical and regulatory obligations; protecting members' and employees' privacy; and maintaining a security technology environment for our operations. The Incident Response Security Analyst provides consultative services, works with vendors for product consideration and recommendation, performs monitoring and auditing of information system activities, advises on matters related to policies, standards and procedures, and mentors team members with lesser subject matter expertise.

The Incident Response Security Analyst works to consistently maintain the situational awareness required to identify and verify security incidents; analyzes, documents and reports on security incidents through the Incident Attack Lifecycle; and provides technical analysis to understand compromise, coordinate the response and advise on remediation/mitigation tactics. In addition to core Incident Response work, the team is looking to increase activities in network security monitoring and developing internal tools (e.g. Splunk, Python).

Tasks and responsibilities

  • Incident triage, prioritization, investigation, response coordination and closure documentation

  • Hands-on work with SIEM and logging solutions

  • Obtains and analyzes forensic images of mobile devices, Macs, Linux, Windows (VMs as well as physical)

  • Works with stakeholders to provide security solutions that support their business requirements

  • Identifies, develops, and implements mechanisms to detect security incidents

  • Conducts security risk assessments on new products and systems and periodic security risk assessments on existing systems, and identifies and/or recommends appropriate security countermeasures and best practices

  • Coordinates activities or engagements with loss prevention, and interacts with legal and law enforcement as required

  • Identifies security gaps that expose Costco to potential exploit and develops short and long term prioritized remediations to address those gaps

  • Performs the project manager role on security-related projects

  • Ensures that incident documentation is comprehensive and accurate. Completes all relevant fields in incident tracking database and closes ticket

  • Identifies and reports on gaps within the Incident Response Plan

  • Develops and documents security event and incident handling procedures into Playbooks

  • Creates Splunk dashboards to display IR's metrics

  • Creates dashboards that help identify possible malicious trends

  • Assists in other areas of the department and company as necessary

Required skills, abilities, and certifications

  • High degree of ethics/confidentiality required. May be required to pass security screening

  • Rule correlation evaluation and development experience highly recommended but not required

  • Good understanding of FIM, IDS, vulnerability scanning, logging/monitoring, antivirus and other commonly implemented enterprise security technologies

  • Demonstrated proficiency with scripting languages such as Python

  • Ability to work effectively, independent of assistance or supervision

  • Ability to work under pressure in a highly team focused environment is required

  • Innovative, creative, and extremely responsive, with a strong sense of urgency

  • Willing to share knowledge and assist others in understanding technical and business topics

  • Willingness to work outside of regular business hours as required which can include evenings, weekends and holidays

  • Working knowledge of information systems security standards and practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)

  • Demonstrated experience of security knowledge of one or more of the following platforms: Linux or Ubuntu

  • Demonstrated experience in Splunk searches, data mining and dashboard creation

  • Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone

  • Familiarity with tools such as NMAP, NetCat and Enum and other commonly used PEN/hacking tools preferred

  • Familiarity with DNS, NTP, SMTP and other commonly used foundational protocols

  • Working knowledge of protocols and technologies such as TCP, UDP, SSL, FTP, SMTP, NetBIOS and DHCP

  • Ability to interpret information security data and processes to identify potential compliance issues

  • Ability to quickly understand security systems in order to identify and validate security requirements

Recommended skills, abilities, and certifications

  • One or more professional security certifications such as CISA or CISSP (or equivalent)

  • A Bachelor's degree in Computer Science or a minimum of 2 to 4 years of information systems security experience

  • Experience integrating disparate systems using APIs

  • Experience with firewalls, routers, or load balancers

  • Configuration Management Experience (chef, puppet, cfengine)

  • Experience with Network IDS

  • Experience configuring TAPs/SPANs

  • Experience with Network Security Monitoring technologies

  • Experience with PCI DSS

  • Experience with Microsoft Azure

  • Successful internal candidates will have spent one year or more on their current team

Apply: Use the link below to upload all required documents to

https://chm.tbe.taleo.net/chm02/ats/careers/v2/viewRequisition?org=COSTCO&cws=41&rid=2801

Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas. If hired, you will be required to provide proof of authorization to work in the United States. Apart from any religious or disability considerations, open availability is needed to meet the needs of the business.

Costco Wholesale Corporation Issaquah WA
