Information Technology - Senior Engineer, Threat & Vulnerability

at  Aritzia

THE TEAM

The mission of the Cybersecurity Department is to deliver high‐quality cybersecurity services and solutions that minimize risk across Aritzia’s systems and data.

THE QUALIFICATIONS

The Senior Engineer, Threat & Vulnerability, has:

• Proven skills, certifications, education and/or experience:
• Proficiency in Microsoft security suite of products, including MS Defender and Sentinel; Kusto Query Language (KQL); security incident investigation techniques
• Knowledge of Microsoft, Linux, and Mac operating systems; Zscaler products; vulnerability scanning tools; Azure and GCP cloud infrastructure; SIEM products; MITRE ATT&CK framework
• Exposure to web application and/or network penetration testing
• Microsoft: Security Operations Analysts Associate – SC-200 certification preferred
• MS: Azure Security Engineer Associate – AZ-500 certification preferred
• Offensive Security: OSCP, SOC-200 certification preferred
• SANS: GIAC – Incident Handler certification preferred
• A commitment to learn and apply Aritzia’s Values and Business and People Leadership principles

THE COMPENSATION

The typical hiring range for this position is $100,000 - $120,000 CAD per year. The final agreed upon [salary/wage] may vary based on factors such as job-related knowledge, skills and experience.
We are always looking for top talent. If your qualifications differ from those listed above, the scope of work and final agreed upon [salary/wage] may be adjusted to reflect your individual qualifications.
Aritzia’s Everyday Luxury compensation package goes beyond the base salary with endless growth and recognition opportunities through our pay-for-performance philosophy. With comprehensive benefits, aspirational workspaces and elevated employee perks and experiences — we provide it all.

As the Senior Engineer, Threat & Vulnerability, you will:

• Investigate security incidents or vulnerabilities reported by third parties or external security researchers.
• Respond to vulnerability reports and prioritize remediations with our IT partners according to the SLA requirements.
• Monitor and respond to security incidents, coordinating cross-functional teams to mitigate and eradicate threats.
• Analyze logs from various sources to investigate events for anomalous activities.
• Investigate security events from various EDR, network, firewalls, proxies & cloud security tools and take appropriate remediation actions.
• Perform root cause analysis for security incidents and document your findings.
• Enforce security controls to protect against security threats to Aritzia’s infrastructure.
• Conduct research on the latest threats and configure relevant alerts.
• Assist in the development of threat-driven response playbooks to support security incidents.