Information Security Analyst - Data Loss Prevention

Costco   •  

Issaquah, WA

Industry: Retail & Consumer Goods


Less than 5 years

Posted 76 days ago

This job is no longer available.


Description of position

The role of each Information Security team member is to support the overarching values and business goals of Costco, including meeting legal, ethical and regulatory obligations; protecting member privacy; and maintaining a secure technology environment for our operations.

The Analysts perform monitoring and auditing of information system activities utilizing multiple security related tools to ensure security best practices are enforced; create and maintain documentation related to policies, standards and procedures; and mentor team members with lesser subject matter expertise, and provide consultative services to teams and stakeholders to improve their environments. Also works with vendors for product consideration and recommendation.

Additionally, this Analyst will possess some of the following knowledge and skills. The Analyst should have in-depth working experience and knowledge of Data Loss Prevention methodologies and tools such as Symantec, Netskope, or Proofpoint. They should have solid skills in understanding of varying data protection regulations including but not limited to PCI-DSS, HIPAA, GDPR, and have in-depth knowledge and work experience with security best practices.

Tasks and responsibilities

  • Works analytically to solve both tactical and strategic problems within the DLP program
  • Plans, develops, and executes DLP scans of a wide variety of global corporate and business information systems
  • Collects and aggregates information from a wide variety of sources and format for relevance to our environment; monitors and provides metrics on threat level of data
  • Establishes rapport with other IS teams to mature the DLP program and efficiently scan the environment
  • Is an active and contributing member of the Security Operations team, actively participates in team activities and planning in regards to improving team skills, awareness, communication, reputation and quality of work
  • Effectively collaborates and communicates with Compliance, Internal Audit, the Business teams and others to identify, analyze and communicate risk and provide support around DLP management within their business requirements
  • Identifies, develops, and implements mechanisms to detect sensitive data and how they may lead to corporate incidents in order to enhance compliance with and support of security standards and procedures
  • Responds to tickets and incidents in a proactive manner
  • Coordinates with Incident Response team to remediate discovered security incidents as needed
  • Understands compliance requirements that may impact security and effectively collaborate with business areas and project teams to develop security solutions that address these requirements
  • Assumes leadership role in advocating internally and externally for compliance to security measures to protect corporate applications and environments
  • Works with information systems owners and administrators to understand their security needs and assist with implementing practices and procedures consistent with Costco’s security policies
  • Builds and maintains vendor partnerships to further Costco’s mission and goals
  • Maintains updated environmental documentation
  • Analyzes and responds to data loss incidents/alerts via enterprise console and other sources
  • Manages and tunes data loss prevention platforms to ensure optimal coverage, thresholds, and workflows
  • Works with appropriate business teams to understand normal business practices for communicating sensitive data and tailor management response requirements accordingly
  • Innovates to build upon data loss prevention foundation to begin development of an insider threat behavioral analysis capability
  • Develops requirements for escalation and logging in order to baseline data loss risk across all regions
  • Implements an assurance program to support third-party interactions such that sensitive data is only transmitted with transparency and accountability through a defined process
  • Works on dashboard/metrics reporting to help identify repeat offenders, understand trends and propose possible process changes
  • Assists in other areas of the department and company as necessary

Required skills, abilities, and certifications

  • Minimum of 5 years of experience in security in an enterprise environment
  • Deep understanding of data loss prevention technologies covering data at rest, data in use, and data in motion.
  • Thorough hands-on experience with DLP scanning tools or endpoint protection
  • Thorough knowledge of DLP management process including remediation planning
  • Thorough understanding of security frameworks such as PCI, HIPAA, GDPR, etc.
  • Thorough experience with both Windows and Linux environments
  • Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling)
  • Ability to clearly communicate Information Security matters to executives, auditors, end users, and engineers, using appropriate language, examples, and tone
  • Ability to quickly understand security systems in order to identify and validatesecurity requirements
  • Demonstrate a logical and structured approach to time management and task prioritization
  • Demonstrate a high level of communication skills, verbal and written
  • Proactively pursue professional growth in the areas of technology, business knowledge, and Costco policies and platforms
  • Strong analytical skills, documentation skills and awareness of change management
  • Ability to adapt to a changing environment
  • Able to effectively perform in a team environment
  • Ability to handle highly confidential information in a strictly professional manner
  • Willingness to work outside of regular business hours, as required

Recommended skills, abilities, and certifications

  • Bachelor’s Degree with 3-5 years’ experience in a security operations center environment
  • Ability to prioritize incident response activities based on intake queues and SLAs
  • Strong experience using Symantec Data Loss Prevention and other DLP tools
  • Strong experience with file share and policy-based email encryption
  • Demonstrated technical proficiency in various endpoint and networksecurity controls
  • Must have DLP implementation, management and expansion experience
  • Must have strong technical knowledge of DLP architecture, system policies, rules, etc
  • Proven experience creating DLP rules to satisfy complex business requirements
  • Understanding of behavioral analysis and anomaly hunting tactics
  • Understanding of varying data protection regulations including but not limited to PCI-DSS, HIPAA, GDPR
  • Knowledge of data classification solutions
  • Ability to relate technical issues to non-technical associates / business owners
  • Solid understanding of how TCP/IP networks function (understand ports, protocols, IP ranges, domain name resolution)
  • CISSP, CISA, CEH, OSCP, or other industry recognized security certifications preferred
  • Successful internal candidates will have spent one year or more on their current team.
  • 2621