Columbia Sportswear, Inc.:
Sr. Software Security Engineer Job in Burlington, VT
Premium
See who posted the job
Premium
Competitive Insights
Premium
Check your commute time
Closed
Burlington, VT
Full-time | Information Technology
About the job
OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.
At Columbia, were as passionate about the outdoors as you are. And while our gear is available worldwide, were proud to be based in the Pacific Northwest, where natural wonders are our playground.
Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: Its perfect. Now make it better. As pioneers of relentless improvement, we are constantly evolving.
We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.
And we believe in you.
ABOUT THE POSITION
Although we're an apparel and footwear focused company, technology is central to everything we do. Columbia Sportswears Global Information Services (GIS) teams enable an IT infrastructure across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.
As a Senior IS Security Engineer focusing on our eCommerce platforms, youll be a critical bridge between the IS Security and eComm teams helping both to continuously improve. You will drive the implementation of security strategy and best practices, design and implement security improvements, monitor and help respond to events, and evangelize best practices. This individual contributor role will have an ongoing and direct impact on the security of our platforms and our consumers.
HOWYOULLMAKE A DIFFERENCE
Work directly with the eComm technology team to design, develop, implement, maintain, improve and manage information security technology solutions protecting, detecting, responding to, and containing technology risks to the digital landscape
Provide consulting services to eComm technical teams on implementation requirements and patterns to ensure secure code and application deployment practices
Participate and possibly lead in examining the use of new technologies and capabilities to support constantly changing digital landscape to meet business objectives, ensuring solutions meet security requirements and align to corporate information security posture
Demonstrate and champion the use of automation and scripting capabilities to deploy, manage, and maintain information security capabilities
Assist with annual PCI assessments for eComm sales channels globally across regions and brands, coordinating with appropriate technical teams to achieve compliance
Assist with annual network and systems penetration testing using third-party partners
Conduct information security risk assessments and security compliance audits on systems and services
Collaborate with peers to ensure metrics are appropriately collected and interpreted and Develop automation where necessary to facilitate the collection of data
Assist eComm and IS staff as needed with the phases of information security incident management and other security events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
YOU ARE
Strong in data interpretation and communication with a proven ability to summarize and present complex findings clearly and concisely to various management levels
Effective and persuasive at presenting to technical teams and business leaders (verbal and written)
Able to multi-task and work effectively in a dynamic environment
Highly organized and detail-oriented
Curious with a desire to understand and master new ecommerce techniques and strategies
Able to manage time, priorities, and multiple deadlines in a fast-paced environment
YOUHAVE
5+ years or equivalent experience as a developer with direct, work-related security expertise
2+ years of experience with eCommerce platforms (e.g. Hybris, ATG, Magento, SFCC, WebSphere Commerce) is preferred
5+ years of experience in working in a version control environment (Git / Mercurial)
5+ years of experience with full-stack development (including Java, .NET/C#, Node.js, or similar technologies)
Knowledge of role management, RBAC, and SSO configuration in cloud environments
Experience with AWS componentry and experience working with AWS-related security tooling
JavaScript development experience (server side & client side)
Experience with static code analysis tools, web application vulnerability management, and prioritization and remediation of findings
Experience managing supplier, partner, or other 3rd party integrations and components from a security perspective
History of performing vendor evaluations and reviews with a focus on security
To learn more about our hiring process during COVID-19, click here.
#LI-JD1
Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we've been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who's found that the greatest adventure starts with joining a company that strives to do the right thing.
This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.
At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.