Security Analyst

France·ParisPermanent contractmid

Security AnalystCybersecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Key Responsibilities

Operate and continuously improve our security monitoring: triage and investigate alerts across our detection stack (Datadog SIEM, SentinelOne EDR, Cloudflare), tune detections to reduce noise,

Requirements Summary

you will be the person who keeps continuous watch over our security posture — monitoring and investigating alerts, driving vulnerabilities through to remediation, supporting incident response,

Technical Tools

Security AnalystCybersecurity

Vestiaire Collective is the leading global platform for desirable pre-loved fashion and a pioneer in transforming how people consume fashion.

Our mission is simple: make circular fashion the norm, not the exception.
Through technology, expertise, and a highly engaged global community, we enable millions of people to buy and sell fashion in a more sustainable way.

Founded in Paris in 2009, Vestiaire Collective is now a globally scaled marketplace with offices in Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City, and logistics hubs across Europe, Asia, and the US.

Today, we are a team of around 600 people from over 50 nationalities, united by a shared ambition: to drive meaningful change in the fashion industry.

Our values, Activism, Transparency, Dedication, Greatness, and Collective, shape how we build, collaborate, and grow every day.

About the Role

~1 min read

As a Senior Security Analyst at Vestiaire Collective, you will be part of our Security team. Your objective will be to provide a safe, secure, and trustworthy experience for our users, while safeguarding their privacy and personal data, as well as protecting our company assets and internal employees. Additionally, you will ensure compliance with regulatory requirements.

This role is focused on security operations, risk, and assurance: you will be the person who keeps continuous watch over our security posture — monitoring and investigating alerts, driving vulnerabilities through to remediation, supporting incident response, and producing the evidence and metrics that demonstrate our security and compliance to auditors, regulators, and leadership. Reporting to the Head of Security, you will work alongside a talented team of security engineers and collaborate closely with engineering teams and other stakeholders such as legal, finance, and corporate IT.

You will work daily with our security stack: Datadog (SIEM), SentinelOne (EDR), Upwind (CSPM), Cloudflare (WAF and Cloudflare One), and Grafana/Prometheus, on top of our AWS and GCP cloud environments.

Responsibilities

~2 min read

→
Operate and continuously improve our security monitoring: triage and investigate alerts across our detection stack (Datadog SIEM, SentinelOne EDR, Cloudflare), tune detections to reduce noise, and escalate confirmed threats.
→
Review and prioritize cloud security posture findings (Upwind CSPM) across our AWS and GCP environments, and drive misconfigurations through to resolution with the relevant teams.
→
Own the vulnerability management lifecycle: consolidate findings from penetration tests, application security reviews, and our bug bounty program; validate and prioritize them; and drive remediation with engineering teams against defined SLAs.
→
Triage incoming bug bounty submissions: reproduce and assess reported issues, determine severity, and coordinate fixes with the relevant code owners.
→
Support incident response from detection to closure: first-line investigation, coordination during incidents, documentation, and post-incident follow-up actions.
→
Support audit and assurance activities: prepare and maintain evidence for external audits, run periodic access reviews (joiners/movers/leavers, privileged access), and keep compliance documentation up to date.
→
Contribute to security metrics and reporting: maintain and enrich the KPIs and dashboards (Grafana) we use to report our security posture to leadership.
→
Assess third-party vendors and tools from a security and data-protection standpoint.
→
Handle day-to-day security requests from across the company (reported phishing, the security inbox, employee questions) and deliver security awareness initiatives to promote a security-conscious culture.

Proven experience (3+ years) in a security analyst, SOC, or security operations role, preferably in a fast-paced startup/scaleup environment.
Strong analytical and problem-solving abilities, rigorous documentation habits, and the ability to communicate clearly with both technical and non-technical stakeholders.
Hands-on experience with SIEM and log analysis platforms (e.g., Datadog, Splunk, Elastic) for alert triage, threat detection, and investigation; familiarity with EDR tooling (e.g., SentinelOne, CrowdStrike) is a strong plus.
Working familiarity with cloud environments (AWS and/or GCP) and cloud security fundamentals - enough to understand, prioritize, and follow up on CSPM and WAF findings.
Solid understanding of vulnerability management and common application threats (e.g., OWASP Top 10) - enough to validate findings, assess real-world impact, and discuss remediation credibly with engineers.
Understanding of compliance frameworks and regulations (e.g., ISO 27001, PCI DSS, SOC 2, GDPR, DSA), with the ability to translate requirements into practical controls, procedures, and audit evidence.
Scripting or query skills (e.g., Python, SQL), for automating routine analysis and digging into data during investigations.
Ability to adapt to a rapidly changing environment and manage multiple priorities.
NICE TO HAVE: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CompTIA Security+/CySA+, GIAC GCIH/GCIA, CISA, ISO 27001 Lead Auditor/Implementer) are a plus.

Datadog SIEM
Upwind CSPM
Cloudflare (WAF, One)
SentinelOne
AWS, GCP
Grafana, Prometheus
Snowflake
Tableau

What We Offer

~2 min read

✓Purpose-driven work at scaleJoin a company reshaping the fashion industry towards circularity, you directly contributes to reducing waste and extending the life of luxury items.

✓High-impact scope & ownershipWork on products used globally, where your decisions have immediate, measurable impact on millions of users across 70+ countries.

✓A truly international environmentCollaborate with a diverse team of 50+ nationalities across Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City.

✓Career acceleration in a fast-moving scale-upTake ownership early, grow fast, and shape your path, as an expert or a future leader.

✓Learning & growth as a priorityDedicated budget, continuous feedback culture, and opportunities to work on cutting-edge topics (AI, marketplace dynamics, scalability, etc.).

✓Flexible ways of workingHybrid model (typically 2 days remote per week), with trust and autonomy at the core of how we operate.

✓Give back through action2 paid days per year to support a cause of your choice and actively contribute to positive impact beyond your day-to-day role.

✓Competitive compensation & benefitsIncluding bonus, health coverage, lunch vouchers, Gym-Pass, and additional legal perks depending on your location.

✓Contact you via WhatsApp, Telegram, or similar platforms

✓Ask for payment or banking information at any stage of the process