Lululemon

who we are

lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.

About this team 

The lululemon cybersecurity team enables lululemon to conduct its global operations in a secure manner and safeguard the trusted information of its guest and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk, and by maintain a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for an experienced Cyber Security Senior Analyst. 

A day in the life

The Cyber Security Senior Analyst will help the team to perform Security Operations Center (SOC) duties, which include incident response, malware analysis, and monitoring. This role will work with the team and become a senior technical contributor to implement and apply technologies, processes, and practices designed to protect networks, devices, and data from malicious attack, damage, or unauthorized access.

• Conduct threat analysis, assessment, and malware analysis in support of security investigations and incident response processes.
• Lead investigations into security incidents escalated from lower-tier SOC analysts.
• Provide technical mentorship to Tier 1 and Tier 2 SOC analysts, sharing knowledge on incident response, threat detection, and advanced cybersecurity techniques.
• Conduct root cause analysis and identify containment and remediation actions.
• Recognize and research attacker tools, tactics, and procedures (TTP) in indicators of compromise (IOCs) that can be applied to current and future investigations.
• Build internal scripts, tools, and automation processes to enhance detection and response capabilities.
• Collaborate with technical and business teams to drive SOC initiatives acting as the SME.
• Conduct threat hunting activities to proactively identify potential threats and vulnerabilities within the network.
• Develop and maintain SOC runbooks and documentation to ensure consistent and effective processes.
• Participate in security audits and assessments to ensure compliance with industry standards and regulations.
• Provide after-hour support as needed and participate in on-call rotation.

Qualifications

• Bachelor’s degree in cybersecurity, computer science, information technology, or related field. 
• 5+ years experience in a Security Operations Center or Technical Incident Response role.
• Strong knowledge of incident response methodologies, including NIST 800-61.
• Proven track record of handling advanced and complex security incidents.
• Demonstrated experience in computer security-related disciplines such as incident response, host forensics, malware analysis, container security, network traffic analysis, Insider Threat, alert tuning, and trend analysis.
• Strong knowledge of cloud security in Azure, AWS, GCP.
• Extensive experience working with security tools such as Azure Sentinel, Splunk, Microsoft Defender Security Suite, firewalls, IDS/IPS, antispam, content management, server and network device hardening, etc.
• Strong understanding of security concepts and threat categories (such as malware, phishing attacks, Defense-in-Depth, MITRE ATT&CK framework, Cyber Kill Chain, etc.).
• Strong knowledge of Windows, Linux, and Mac OS
• Advanced Experience with query languages such as KQL and SPL
• Experience with scripting languages such as Bash, PowerShell, or Python.
• Experience in using security orchestration, automation, and response tools.
• The ability to effectively communicate both verbally and in writing to audiences of different technical skill levels.
• Strong analytical and troubleshooting abilities to investigate, identify, and resolve security incidents quickly and effectively.
• Capability to remain calm, composed, and focused during high-pressure situations, ensuring a clear and effective incident response.
• Knowledge of security frameworks and standards such as ISO 27001, PCI DSS, and NIST.
• Ability to conduct forensic analysis of network packet captures, DNS, proxy, and host-based security logs.
• Experience with cloud security posture management (CSPM) tools and practices.
• 
  

Must haves

Acknowledges the presence of choice in every moment and takes personal responsibility for their life. 

Possesses an entrepreneurial spirit and continuously innovates to achieve great results.  

Communicates with honesty, kindness and creates the space for others to do the same.  

Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.  

Fosters connection by putting people first and building trusting relationships.  

Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.  

Please note: Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of employment visa at this time for this role. 

compensation and benefits package 

lululemon’s compensation offerings are grounded in a pay-for-performance philosophy that recognizes exceptional individual and team performance. The typical hiring range for this position is from  $136,200 - $178,700 USD annually; the base pay offered is based on market location and may vary depending on job-related knowledge, skills, experience, and internal equity. As part of our total rewards offering, permanent employees in this position may be eligible for our competitive annual bonus program, subject to program eligibility requirements.  

At lululemon, investing in our people is a top priority. We believe that when life works, work works. We strive to be the place where inclusive leaders come to develop and enable all to be well. Recognizing our teams for their performance and dedication, other components of our total rewards offerings include support of career development, wellbeing, and personal growth:

• Extended health and dental benefits, and mental health plans 
• Paid time off 
• Savings and retirement plan matching 
• Generous employee discount 
• Fitness & yoga classes 
• Parenthood top-up 
• Extensive catalog of development course offerings 
• People networks, mentorship programs, and leadership series (to name a few) 

Note: The incentive programs, benefits, and perks have certain eligibility requirements. The Company reserves the right to alter these incentive programs, benefits, and perks in whole or in part at any time without advance notice.

 
workplace arrangement
 

Hybrid 

In-person collaboration and connection is important to our culture. Work is performed onsite, minimum 4 days per week.

 #LI-Onsite 

 #LI-SP1