SR INFORMATION SECURITY ENGINEER

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS

At Columbia, we’re as passionate about the outdoors as you are. And while our gear is available worldwide, we’re proud to be based in the Pacific Northwest, where natural wonders are our playground.
Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: “It’s perfect. Now make it better.” As pioneers of relentless improvement, we are constantly evolving.
We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.
And we believe in you.

ABOUT THE POSITION

Although we’re an apparel and footwear focused company, technology is central to everything we do. Columbia Sportswear’s Global Information Services (GIS) teams enable an IT infrastructure across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

The Senior Information Security Engineer, The Security Engineer III supports the global Information Security team in designing, developing, implementing, maintaining, and continuously improving information security systems and services across the digital landscape.

HOW YOU’LL MAKE A DIFFERENCE

• Works across multiple teams to design, develop, implement, maintain, improve and manage information security technology solutions protecting, detecting, responding to, and containing technology risks to the digital landscape. Provides consulting services to technical teams on implementation requirements and patterns to ensure secure application deployment practices.

• Participates and may lead in examining the use of new technologies and capabilities to support constantly changing digital landscape to meet business objectives, ensuring solutions meet security requirements and align to corporate information security posture.
• Demonstrates and champions the use of automation and scripting capabilities to deploy, manage, and maintain information security capabilities.
• Performs annual PCI assessments for consumer sales channels globally across regions and brands, coordinating with appropriate technical teams to achieve compliance.
• Assists with annual network and systems penetration testing using third-party partners. Conducts information security risk assessments and security compliance audits on systems and services.
• Collaborates with peers to ensure metrics are appropriately collected and interpreted.
• Assists Information Security staff as needed with the phases of information security incident management and other security events to protect corporate IT assets, intellectual property, regulated data and the company‘s reputation.
• Develops automation where necessary to facilitate the collection of data.
• Assists with implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provide direction, support and in-house consulting in these areas.
• Performs other duties as assigned.

YOU ARE

• Able to collaborate with key partners to understand/identify requirements, drive knowledge into action and support data driven decision making
• Able to understand various data structures and common methods in data transformation
• Able to tell stories with data
• An analytical thinker and problem solver, able to explain difficult concepts to non-technical users

YOU HAVE

• Bachelor’s degree, applicable certification or equivalent experience
• 5-8 years of professional experience and strong competency with the various tools, systems, or procedures required to accomplish the job.
• Demonstrated organization, project management, technical, communications, negotiations, business acumen, and analytic skills
• Strong experience with threat & vulnerability management, attack surface management, enterprise detect & response technologies
• Experience with identity and access management including OAuth 2.0, SAML, OIDC
• Experience with cloud security with at least one cloud provider, e.g. GCP, Azure, AWS
• Experience with SIEM & SOAR technologies
• Familiar with Incident Response and preferably data forensics
• Knowledge of industry standard security frameworks such as NIST CSF, ISO 27001, SCF
• Knowledge of the PCI DSS and experience in developing a PCI Program a plus

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we’ve been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who’s found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position’s scope and function in the company. 

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.