lululemon

about this team

The lululemon cybersecurity team enables lululemon to conduct its global operations in a secure manner and safeguard the trusted information of its guest and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk, and by maintain a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for an experienced Cyber Security Senior Analyst.

a day in the life

The Cyber Security Senior Analyst will help the team to perform Security Operations Center (SOC) duties, which include incident response, malware analysis, and monitoring. This role will work with the team and become a senior technical contributor to implement and apply technologies, processes, and practices designed to protect networks, devices, and data from malicious attack, damage, or unauthorized access.

• Conduct threat analysis, assessment, and malware analysis in support of security investigations and incident response processes
• Lead investigations into security incidents escalated from lower-tier SOC analysts
• Provide technical mentorship to Tier 1 and Tier 2 SOC analysts, sharing knowledge on incident response, threat detection and advanced cybersecurity techniques.
• Conduct root cause analysis and identify containment and remediation actions.
• Develop and implement custom detection rules to enhance threat detections capabilities
• Provide technical leadership and coaching to security operations personnel
• Recognize and research attacker tools, tactics, and procedures (TTP) in indicators of compromise (IOCs) that can be applied to current and future investigations
• Build internal scripts, tools and automation processes to enhance detection and response capabilities
• Collaborates with technical and business teams to drive SOC initiatives acting as the SME
• Provide after-hour support as needed and participate in on-call rotation.

qualifications

• Bachelor’s Degree in Computer Science or Computer Crime Investigations preferred
• 5+ years experience in a Security Operations Center or Technical Incident Response role
• Strong knowledge of incident response methodologies, including NIST 800-61 and SANS incident response lifecycle.
• Proven track record of handling advanced and complex security incidents.
• Demonstrated experience in computer security- related disciplines such as incident response, host forensics, malware analysis, container security, network traffic analysis, Insider Threat, alerts tuning and trend analysis
• Strong knowledge of cloud security in Azure, AWS, GCP.
• Extensive experience working with security tools such as SIEM, EDR, firewalls, IDS/IPS, antispam, content management, server and network device hardening, etc.
• Strong understanding of security concepts of threat categories (such as malware, phishing attacks, Defense-inDepth, MITRE ATT&CK framework, etc.)
• Strong knowledge of Windows, Linux and/or Mac OS and comfortable with looking at, understanding, and investigating Security Event logs.
• Experience with query languages such as KQL, SPL and scripting languages (Bash, PowerShell, Python)
• Experience in using security orchestration, automation, and response tools
• The ability to effectively communicate both verbally and in writing to audiences of different technical skill levels.
• Strong analytical and troubleshooting abilities to investigate, identify and resolve security incidents quickly and effectively.
• Capability to remain calm, composed, and focused during high-pressure situations, ensuring a clear and effective incident response.