Security Analyst

Senior Security Analyst

As a Senior Security Analyst at Vestiaire Collective, you will be part of our Security team. Your objective will be to provide a safe, secure, and trustworthy experience for our users, while safeguarding their privacy and personal data, as well as protecting our company assets and internal employees. Additionally, you will ensure compliance with regulatory requirements.

What you will do

• Operate and continuously improve our security monitoring: triage and investigate alerts across our detection stack (Datadog SIEM, SentinelOne EDR, Cloudflare), tune detections to reduce noise, and upscale confirmed threats.
• Review and prioritize cloud security posture findings (Upwind CSPM) across our AWS and GCP environments, and drive misconfigurations through to resolution with the relevant teams.
• Own the vulnerability management lifecycle: consolidate findings from penetration tests, application security reviews, and our bug bounty program; validate and prioritize them; and drive remediation with engineering teams against defined SLAs.
• Triage incoming bug bounty submissions: reproduce and assess reported issues, determine severity, and coordinate fixes with the relevant code owners.
• Support incident response from detection to closure: first‑line investigation, coordination during incidents, documentation, and post‑incident follow‑up actions.
• Support audit and assurance activities: prepare and maintain evidence for external audits, run periodic access reviews (joiners/movers/leavers, privileged access), and keep compliance documentation up to date.
• Contribute to security metrics and reporting: maintain and enrich the KPIs and dashboards (Grafana) we use to report our security posture to leadership.
• Assess third‑party vendors and tools from a security and data‑protection standpoint.
• Handle day‑to‑day security requests from across the company (reported phishing, the security inbox, employee questions) and deliver security awareness initiatives to promote a security‑conscious culture.

Who you are

• Proven experience (3+ years) in a security analyst, SOC, or security operations role, preferably in a fast‑paced startup/scaleup environment.
• Strong analytical and problem‑solving abilities, rigorous documentation habits, and the ability to communicate clearly with both technical and non‑technical stakeholders.
• Hands‑on experience with SIEM and log analysis platforms (e.g., Datadog, Splunk, Elastic) for alert triage, threat detection, and investigation; familiarity with EDR tooling (e.g., SentinelOne, CrowdStrike) is a strong plus.
• Working familiarity with cloud environments (AWS and/or GCP) and cloud security fundamentals — enough to understand, prioritize, and follow up on CSPM and WAF findings.
• Solid understanding of vulnerability management and common application threats (e.g., OWASP Top 10) — enough to validate findings, assess real‑world impact, and discuss remediation credibly with engineers.
• Understanding of compliance frameworks and regulations (e.g., ISO 27001, PCI DSS, SOC 2, GDPR, DSA), with the ability to translate requirements into practical controls, procedures, and audit evidence.
• Scripting or query skills (e.g., Python, SQL), for automating routine analysis and digging into data during investigations.
• Ability to adapt to a rapidly changing environment and manage multiple priorities.
• NICE TO HAVE: Bachelor's or Master’s degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CompTIA Security+/CySA+, GIAC GCIH/GCIA, CISA, ISO 27001 Lead Auditor/Implementer) are a plus.

Our Tech Stacks Includes

• Datadog SIEM
• Upwind CSPM
• Cloudflare (WAF, One)
• SentinelOne
• AWS, GCP
• Grafana, Prometheus
• Snowflake
• Tableau

What We Offer

• Purpose-driven work at scale Join a company reshaping the fashion industry towards circularity, you directly contributes to reducing waste and extending the life of luxury items.
• High-impact scope & ownership Work on products used globally, where your decisions have immediate, measurable impact on millions of users across 70+ countries.
• A truly international environment Collaborate with a diverse team of 50+ nationalities across Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City.
• Career acceleration in a fast-moving scale‑up Take ownership early, grow fast, and shape your path, as an expert or a future leader.
• Learning & growth as a priority Dedicated budget, continuous feedback culture, and opportunities to work on cutting‑edge topics (AI, marketplace dynamics, scalability, etc.).
• Flexible ways of working Hybrid model (typically 2 days remote per week), with trust and autonomy at the core of how we operate.
• Give back through action 2 paid days per year to support a cause of your choice and actively contribute to positive impact beyond your day‑to‑day role.
• Competitive compensation & benefits Including bonus, health coverage, lunch vouchers, Gym-Pass, and additional legal perks depending on your location.

Vestiaire Collective is proud to be an equal opportunity employer.