Sr. Software Security Engineer

Columbia Sportswear, Inc.



Job Description

At Columbia, we're as passionate about the outdoors as you are. And while our gear is available worldwide, we're proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: "It's perfect. Now make it better." As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.

And we believe in you.

Although we're an apparel and footwear focused company, technology is central to everything we do. Columbia Sportswear's Global Information Services (GIS) teams enable an IT infrastructure across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

As a Senior IS Security Engineer focusing on our eCommerce platforms, you'll be a critical bridge between the IS Security and eComm teams, helping both to continuously improve. You will drive the implementation of security strategy and best practices, design and implement security improvements, monitor and help respond to events, and evangelize best practices. This individual contributor role will have an ongoing and direct impact on the security of our platforms and our consumers.

Work directly with the eComm technology team to design, develop, implement, maintain, improve and manage information security technology solutions protecting, detecting, responding to, and containing technology risks to the digital landscape

Provide consulting services to eComm technical teams on implementation requirements and patterns to ensure secure code and application deployment practices

Participate and possibly lead in examining the use of new technologies and capabilities to support a constantly changing digital landscape to meet business objectives, ensuring solutions meet security requirements and align to corporate information security posture

Demonstrate and champion the use of automation and scripting capabilities to deploy, manage, and maintain information security capabilities

Assist with annual PCI assessments for eComm sales channels globally across regions and brands, coordinating with appropriate technical teams to achieve compliance

Assist with annual network and systems penetration testing using third-party partners

Conduct information security risk assessments and security compliance audits on systems and services

Collaborate with peers to ensure metrics are appropriately collected and interpreted, and develop automation where necessary to facilitate the collection of data

Assist eComm and IS staff as needed with the phases of information security incident management and other security events to protect corporate IT assets, intellectual property, regulated data and the company's reputation

Strong in data interpretation and communication with a proven ability to summarize and present complex findings clearly and concisely to various management levels

Effective and persuasive at presenting to technical teams and business leaders (verbal and written)

Able to multi-task and work effectively in a dynamic environment

Highly organized and detail-oriented

Curious with a desire to understand and master new ecommerce techniques and strategies

Able to manage time, priorities, and multiple deadlines in a fast-paced environment

5+ years or equivalent experience as a developer with direct, work-related security expertise

2+ years of experience with eCommerce platforms (e.g. Hybris, ATG, Magento, SFCC, WebSphere Commerce) is preferred

5+ years of experience in working in a version control environment (Git / Mercurial)

5+ years of experience with full-stack development (including Java, .NET/C#, Node.js, or similar technologies)

Knowledge of role management, RBAC, and SSO configuration in cloud environments

Experience with AWS componentry and experience working with AWS-related security tooling

JavaScript development experience (server side & client side)

Experience with static code analysis tools, web application vulnerability management, and prioritization and remediation of findings

Experience managing supplier, partner, or other 3rd party integrations and components from a security perspective

History of performing vendor evaluations and reviews with a focus on security



Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we've been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who's found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.