someone who has specific experience with vulnerability and threat management tools.
someone to help us get vulnerability management up to speed and SUPPORT
security operations on the day to day front.
This role is an individual contributor. This is not a strategy or management role.
assists in technical implementation and support of tools and practices
protecting, detecting, containing and managing information security.
Remote with frequent travel to the HQ in Portland is ok.
Tools: (HackerProof OR OpenVAS OR Nexpose OR Nikto OR IP360 OR Nessus OR MBSA)
Not looking for: Architects, Administrators, Managers, or Analysts
Must have experience engineering with one of the above tools.
This job description is not meant to be an all inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.
Columbia Sportswear Company is a portfolio of Brands for active lives. From our flagship Columbia Brand to Mountain Hardwear, prAna and even SOREL…we connect active people to their passions. If you have a passion for all things active, we might have the right role for you. If you crave adventure, innovation, quality and – best of all – fun, this is where you belong. If you’re already reaching for your resume—good. Apply for a career with Columbia Sportswear today.
General Position Summary:
The Security Engineer II is an integral part of the Global information security practice at Columbia Sportswear. This role assists in technical implementation and support of tools and practices protecting, detecting, containing and managing information security for the companies and employees of Columbia Sportswear. The Security Engineer is expected to have a broad range of technical skills (such as systems, networks, cloud services, databases, and scripting) coupled with an understanding of risk and a strong ability to work collaboratively across both business and technical teams in achieving organizational objectives.
• Work across application, infrastructure, and operations teams to implement and support Columbia information security technology, processes and functions.
• Provide information security consulting services to projects and business processes.
• Assist in the development, execution and maintenance of global information security programs.
• Work with management and technical teams to establish baselines, metrics and reporting capabilities supporting the information security program.
• Participate in the implementation and operation of information security solutions and technologies related to the protection, detection, response and containment programs within the Information Security program.
• Act as a trusted advisor to staff and management at all levels of the organization.
• Consult across the organization on matters of information security and data protection solutions.
• Work collaboratively across technical and business teams in implementing security solutions that enhance efficiencies, automation, and/or visibility to infrastructure events and operations.
• Consists of recurring work situations with a focus on providing project and operational deliverables.
• Job involves a high degree of complexity and problem-solving, considering elements of people, process and technology.
• While the role is an individual contributor, the individual will be responsible for limited advising, reporting and training various levels of staff.
• Duties are performed independently with minimal supervision and work is checked based on results.
• Decisions are made within high level organizational guidelines and practices and require some independent assessment of competing requirements.
• Internal contacts will include business staff and leadership and technical staff and leadership.
• External contacts typically include technical contacts of vendors.
• Interactions tend to focus on information exchange, problem solving, explanation, discussion and interpretations.
• Contacts regularly contain confidential/sensitive information.
• Incumbent often initiates contacts on his/her own with 70% being by phone or e-mail and the remainder via face-to-face interaction.
• Position is not supervisory.
Specific Job Skills:
• Mid-level skills, knowledge and ability in the implementation and management of technology solutions across a broad range of technology and business spaces.
• Understanding of work in multi-national organizations with ability to adapt to cultural variations as necessary to achieve success.
• Experience assisting with moving on-prem identity management, LOB applications, core business data, and other workloads into cloud environments.
• Experience developing security-related data solutions.
• Ability to extract actionable intelligence and key metrics from an array of security-related technologies.
• Ability to learn and maintain currency with broad technical elements of information security.
• Talent in understanding how security interacts with the broad culture of the organization.
• Excellent organizational and presentation skills and attention to detail required.
• Ability to present information succinctly and maintain credibility and influence throughout the organization.
• Ability to read, write, and speak English.
• Proficient in manipulating data including statistical analysis and advanced math calculations.
• Ability to operate independently and follow general guidelines.
• Ability to utilize scripting and programming languages including Powershell, Python, Ruby to create solutions and solve problems with tools, data gathering, analytics, and automation.
• Physical ability to use telephone, computer hardware/software including keyboard, type, sit and stand for extended periods of time.
• A bachelor’s degree in a science, technology, engineering, or mathematics discipline is required for this position. Commensurate experience in lieu of a degree may be considered for this position.
• Minimum 2+ years working in a wide variety of information technology engineering roles including system or network engineering within mid-size to large environments.
• Work experience should include a broad variety of IT activities such as systems management, application management, database management and/or software development. Additionally, experience working holistically across people, process and technology issues is preferred over just technology.
• Demonstrable experience working in cloud environments, Azure preferred.
• Demonstrable experience working with vulnerability management software.
• Experience implementing an MSSP and/or MDR solution desirable.
• Experience or knowledge of IT control and security frameworks such as ISO 27000, COBIT, or NIST 800-53 is desired.
• CISSP desired but not required.
• Footwear and apparel industry experience considered a plus.
• Job requires hours that may occasionally exceed 8 hours per day and/or 40 hours per week during times of peak activity.
• Evening meetings and/or weekend work occasionally required to collaborate with people in other time zones and to ensure timely project completion.
• Some job pressure exists in the balancing of several projects with conflicting and sometimes changing deadlines.
• The ability to sit for extended periods and to bend, kneel, and stoop.
• Ability to operate telephones and computer hardware and software, including keyboard and 10-key.
• Physical capability to occasionally lift up to 30 pounds.
• Exposure to a computer display.