Principal Cybersecurity Engineer

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.

At Columbia, we're as passionate about the outdoors as you are. And while our gear is available worldwide, we're proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: "It's perfect. Now make it better." As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.

And we believe in you.

ABOUT THE POSITION

Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear's Digital Technology (CDT) teams enable an IT infrastructure across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

The Principal Information Security Engineer supports the global Information Security team in designing, implementing, maintaining, and improving information security systems in addition to detecting and responding to Cybersecurity events and incidents.

This role is necessary to support the Cybersecurity Incident Response and threat hunting capabilities. It requires a deep understanding of the entire information security space, expert knowledge of the Incident Response lifecycle, and technical depth to perform and direct response actions.

HOW YOU'LL MAKE A DIFFERENCE

• Member of CSC's global Information Security team responsible for the detection, containment, and recovery actions of an incident.
• Collaborate with MDR provider and cross functional teams to prioritize, build, deploy, and tune use-cases across IT and security tools and platforms (e.g., SIEM, EDR, DLP, etc.).
• Develop and maintain global incident response technologies, runbooks, and procedures.
• Facilitate incident response exercises, assists with network and systems penetration testing, and conducts Cybersecurity risk and gap assessments.
• Operationalizes threat intelligence and performs proactive hunt assessments.
• Creates and presents incident, threat intelligence, and after-action reports to senior and executive level management.
• Manages global Information Security tools and programs (e.g., vulnerability detection (VM), endpoint security (EDR), log correlation (SIEM), etc.).
• Leads review and use of new technologies and capabilities to support constantly changing digital landscape; ensures solutions meet security requirements and align to corporate information security posture.
• Performs other duties, as assigned.

YOU ARE

• Regarded as the expert in the information security discipline within the organization function or business.
• Extensive knowledge of deploying and maintaining enterprise security tools and capabilities.
• Knowledge of industry and regulatory security standards and frameworks (e.g., NIST CSF, ISO 27001, SOX, PCI/DSS, GLBA, GDPR, and CCPA).
• Ability to work both individually and as part of a team.
• Excellent written and verbal communication skills as well as a high degree of business acumen and an enterprise mindset.

YOU HAVE

• Bachelor's degree or equivalent experience with one or more Information Security certifications (GCIH, GCFE, GCFA, GREM, or GCED).
• Requires 8+ years of professional Cybersecurity with a recent emphasis on incident response and/or threat hunting.
• Scripting experience preferred (e.g., Python, PowerShell, bash, etc.).
• Understanding of the MITRE ATT&CK Framework, Diamond Model of Intrusion Analysis, Offensive Security, and/or adversary techniques.
• Excellent understanding of security protocols, hybrid and multi-cloud architecture, security controls, modern threats, and countermeasures.
• Ability to interact with a broad cross-section of personnel to define, explain and effectively manage security measures based on business value and objectives.

#LI-JD1

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we've been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who's found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.