Security Analyst

who we are
lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.
about this team
The lululemon cybersecurity team enables lululemon to conduct its global operations in a secure manner and safeguard the trusted information of its guest and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk, and by maintain
a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for an experienced Cyber Security Analyst.
**core responsibilities**:
The Cyber Security Analyst will help the team to perform Security Operations Center (SOC) duties, which include incident response, malware analysis, and monitoring. This role will work with the team to implement processes and practices designed to protect networks, devices, and data from malicious
attack, damage, or unauthorized access.
- Triages alerts/incidents and performs deep analysis; correlates with threat intelligence tools, tactics and procedures (TTP) in indicators of compromise (IOCs) to identify the threat actor, nature of the attack, and systems or data affected.
- Prioritizes and triages alerts or issues to determine whether a real security incident is taking place and escalate incidents to Tier 3 if remediation cannot be closed within SLA time.
- Performs analysis, triage and remediation of low/medium priority alerts.
- Analyzing logs, network traffic, and other data sources to identify the source of incidents.
- Record identified vulnerabilities, create remediation tickets and track their status.
- Build internal scripts, tools, and automation processes to enhance detection and response capabilities.
- Adjusting security tools and processes, e.g. EDR alerting modifications, updating detection rules conditions, etc.

**qualifications**:

- Bachelor’s in: Computer Science, Information Security, Cybersecurity, or a related degree.
- 2-4 year experience in one or more areas: Security Operations, Incident Response, Information Security Technology, etc.
- Working experiences to security tools such as SIEM (Sentinel), EDR, firewalls, IDS/IPS, anti-spam, content management, server and network device hardening, etc.
- Experience in using security orchestration, automation, and response tools
- Strong security concepts of threat categories (such as malware, phishing attacks, Defense-in-Depth, MITRE ATT&CK framework, etc.)
- Strong knowledge of M365 Security tools, Azure, AWS, GCP
- Strong knowledge of Windows, Linux and/or Mac OS and comfortable with looking at, understanding, and investigating Security Event logs.
- Good knowledge of networking protocols (SMTP, HTTP, HTTPS, FTP, DNS, DHCP, etc), SharePoint, Excel, JIRA and/or Microsoft Office skills

**must haves**:

- Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
- Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
- Communicates with honesty kindness and creates the space for others to do the same.
- Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
- Fosters connection by putting people first and building trusting relationships.
- Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.

additional notes
Authorization to work in Canada is required for this role.
compensation and benefits package
At lululemon, investing in our people is a top priority. We believe that when life works, work works. We strive to be the place where inclusive leaders come to develop and enable all to be well. Recognizing our teams for their performance and dedication, other components of our total rewards offerings include support of career development, wellbeing, and personal growth:

- Extended health and dental benefits, and mental health plans
- Paid time off
- Savings and retirement plan matching
- Generous employee discount
- Fitness & yoga classes
- Parenthood top-up
- Extensive catalog of development course offerings
- People networks, mentorship programs, and leadership series (to name a few)

**Note**: The incentive programs, benefits, and perks have certain eligibility requirements. The Company reserves the right to alter these incentive programs, benefits, and perks in whole or in part at any time without advance notice.
workplace arrangement
Hybrid