ABOUT THE POSITION
Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) group enables IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.
The Sr. Cybersecurity Engineer designs, develops, implements, and troubleshoots various information systems and cybersecurity software. This role manages the vulnerability lifecycle, including detection, prioritization, and validation, in accordance with CSC standards. The Sr. Cybersecurity Engineer coordinates detection of and response to cyber events and incidents. This person manages global information security tools and programs to support cybersecurity defenses.
HOW YOU’LL MAKE A DIFFERENCE
- Detect, contain, and recover from security incidents
- Author and maintain global cybersecurity incident response technologies, runbooks, and procedures
- Continuously monitor the global cybersecurity threat landscape for emerging attack vectors, develop treatment plans, and partner with multiple teams to effectively mitigate the identified threats
- Collaborate and coordinate with business and technical teams to ensure the secure and appropriate use of technology services and applications
- Manage global Information Security tools and programs (e.g. endpoint security, log correlation (SIEM), etc.)
- Act as a technical resource for junior engineers to establish processes, procedures, best practices, etc.
YOU ARE
- Able to work both individually and as part of a team and are committed to sharing knowledge and developing skills across the incident response team.
- An excellent written and verbal communicator with a high degree of business acumen and an enterprise mindset
- Able to establish success metrics, identify program improvements, and support initiatives impacting our people, processes, and technology.
- Someone who creates and maintains runbooks, workflows, and standardized procedures that improve consistency and quality across the team.
- An automation-first thinker who refines SIEM and SOAR systems to improve efficiency and enable more time for high-value investigative work.
YOU HAVE
- Education and Certifications: Bachelor’s degree, applicable certification or equivalent experience with CompTIA Security+, CompTIA CySA+, or equivalent certifications
- Experience: 5 – 8 years’ professional experience, specifically in incident response roles with proven ability to work within a dynamic environment. You have played incident lead roles in enterprise-wide, multi-system incidents and can confidently brief executive leadership during crises.
- Program Building: Demonstrated experience with running incidents as well as developing runbooks and incident response metrics to support the Incident Response program.
- Technical proficiency: Hands-on experience with security stack components (SIEM, SOAR, EDR, SWG, SEG, DSPM, DLP), and you know how to tune tools to improve detection and alert accuracy.
- Framework knowledge: Proficiency with Cybersecurity Incident Response, industry and regulatory standards and frameworks (e.g. NIST CSF, SANS, Cyber Kill Chain, MITRE ATT&CK, ISO 27001, SOX, PCI/DSS, GLBA, GDPR, and CCPA).
#Hybrid
This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.