Security Analyst

Vestiaire Collective is the leading global platform for desirable pre-loved fashion and a pioneer in transforming how people consume fashion.
 
Our mission is simple: make circular fashion the norm, not the exception.
Through technology, expertise, and a highly engaged global community, we enable millions of people to buy and sell fashion in a more sustainable way.
 
Founded in Paris in 2009, Vestiaire Collective is now a globally scaled marketplace with offices in Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City, and logistics hubs across Europe, Asia, and the US.
Today, we are a team of around 600 people from over 50 nationalities, united by a shared ambition: to drive meaningful change in the fashion industry.
 
Our values, Activism, Transparency, Dedication, Greatness, and Collective, shape how we build, collaborate, and grow every day.

About the role : 
As a Senior Security Analyst at Vestiaire Collective, you will be part of our Security team. Your objective will be to provide a safe, secure, and trustworthy experience for our users, while safeguarding their privacy and personal data, as well as protecting our company assets and internal employees. Additionally, you will ensure compliance with regulatory requirements.
This role is focused on security operations, risk, and assurance: you will be the person who keeps continuous watch over our security posture — monitoring and investigating alerts, driving vulnerabilities through to remediation, supporting incident response, and producing the evidence and metrics that demonstrate our security and compliance to auditors, regulators, and leadership. Reporting to the Head of Security, you will work alongside a talented team of security engineers and collaborate closely with engineering teams and other stakeholders such as legal, finance, and corporate IT.
You will work daily with our security stack: Datadog (SIEM), SentinelOne (EDR), Upwind (CSPM), Cloudflare (WAF and Cloudflare One), and Grafana/Prometheus, on top of our AWS and GCP cloud environments.
What you will do : 
Operate and continuously improve our security monitoring: triage and investigate alerts across our detection stack (Datadog SIEM, SentinelOne EDR, Cloudflare), tune detections to reduce noise, and escalate confirmed threats.
Review and prioritize cloud security posture findings (Upwind CSPM) across our AWS and GCP environments, and drive misconfigurations through to resolution with the relevant teams.
Own the vulnerability management lifecycle: consolidate findings from penetration tests, application security reviews, and our bug bounty program; validate and prioritize them; and drive remediation with engineering teams against defined SLAs.
Triage incoming bug bounty submissions: reproduce and assess reported issues, determine severity, and coordinate fixes with the relevant code owners.
Support incident response from detection to closure: first-line investigation, coordination during incidents, documentation, and post-incident follow-up actions.
Support audit and assurance activities: prepare and maintain evidence for external audits, run periodic access reviews (joiners/movers/leavers, privileged access), and keep compliance documentation up to date.
Contribute to security metrics and reporting: maintain and enrich the KPIs and dashboards (Grafana) we use to report our security posture to leadership.
Assess third-party vendors and tools from a security and data-protection standpoint.
Handle day-to-day security requests from across the company (reported phishing, the security inbox, employee questions) and deliver security awareness initiatives to promote a security-conscious culture.

Who you are :
Proven experience (3+ years) in a security analyst, SOC, or security operations role, preferably in a fast-paced startup/scaleup environment.
Strong analytical and problem-solving abilities, rigorous documentation habits, and the ability to communicate clearly with both technical and non-technical stakeholders.
Hands-on experience with SIEM and log analysis platforms (e.g., Datadog, Splunk, Elastic) for alert triage, threat detection, and investigation; familiarity with EDR tooling (e.g., SentinelOne, CrowdStrike) is a strong plus.
Working familiarity with cloud environments (AWS and/or GCP) and cloud security fundamentals - enough to understand, prioritize, and follow up on CSPM and WAF findings.
Solid understanding of vulnerability management and common application threats (e.g., OWASP Top 10) - enough to validate findings, assess real-world impact, and discuss remediation credibly with engineers.
Understanding of compliance frameworks and regulations (e.g., ISO 27001, PCI DSS, SOC 2, GDPR, DSA), with the ability to translate requirements into practical controls, procedures, and audit evidence.
Scripting or query skills (e.g., Python, SQL), for automating routine analysis and digging into data during investigations.
Ability to adapt to a rapidly changing environment and manage multiple priorities.
NICE TO HAVE: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CompTIA Security+/CySA+, GIAC GCIH/GCIA, CISA, ISO 27001 Lead Auditor/Implementer) are a plus.

Our Tech Stacks includes 
Datadog SIEM
Upwind CSPM
Cloudflare (WAF, One)
SentinelOne
AWS, GCP
Grafana, Prometheus
Snowflake
Tableau

Cette annonce provient de ats_lever. Voir l'annonce originale ↗