Vestiaire Collective is the leading global platform for desirable pre-loved fashion and a pioneer in transforming how people consume fashion.
Our mission is simple: make circular fashion the norm, not the exception.
Through technology, expertise, and a highly engaged global community, we enable millions of people to buy and sell fashion in a more sustainable way.
Founded in Paris in 2009, Vestiaire Collective is now a globally scaled marketplace with offices in Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City, and logistics hubs across Europe, Asia, and the US.
Today, we are a team of around 600 people from over 50 nationalities, united by a shared ambition: to drive meaningful change in the fashion industry.
Our values, Activism, Transparency, Dedication, Greatness, and Collective, shape how we build, collaborate, and grow every day.
About the role :
As a Senior Security Analyst at Vestiaire Collective, you will be part of our Security team. Your objective will be to provide a safe, secure, and trustworthy experience for our users, while safeguarding their privacy and personal data, as well as protecting our company assets and internal employees. Additionally, you will ensure compliance with regulatory requirements.
This role is focused on security operations, risk, and assurance: you will be the person who keeps continuous watch over our security posture — monitoring and investigating alerts, driving vulnerabilities through to remediation, supporting incident response, and producing the evidence and metrics that demonstrate our security and compliance to auditors, regulators, and leadership. Reporting to the Head of Security, you will work alongside a talented team of security engineers and collaborate closely with engineering teams and other stakeholders such as legal, finance, and corporate IT.
You will work daily with our security stack: Datadog (SIEM), SentinelOne (EDR), Upwind (CSPM), Cloudflare (WAF and Cloudflare One), and Grafana/Prometheus, on top of our AWS and GCP cloud environments.
What you will do :
Operate and continuously improve our security monitoring: triage and investigate alerts across our detection stack (Datadog SIEM, SentinelOne EDR, Cloudflare), tune detections to reduce noise, and escalate confirmed threats.
Review and prioritize cloud security posture findings (Upwind CSPM) across our AWS and GCP environments, and drive misconfigurations through to resolution with the relevant teams.
Own the vulnerability management lifecycle: consolidate findings from penetration tests, application security reviews, and our bug bounty program; validate and prioritize them; and drive remediation with engineering teams against defined SLAs.
Triage incoming bug bounty submissions: reproduce and assess reported issues, determine severity, and coordinate fixes with the relevant code owners.
Support incident response from detection to closure: first-line investigation, coordination during incidents, documentation, and post-incident follow-up actions.
Support audit and assurance activities: prepare and maintain evidence for external audits, run periodic access reviews (joiners/movers/leavers, privileged access), and keep compliance documentation up to date.
Contribute to security metrics and reporting: maintain and enrich the KPIs and dashboards (Grafana) we use to report our security posture to leadership.
Assess third-party vendors and tools from a security and data-protection standpoint.
Handle day-to-day security requests from across the company (reported phishing, the security inbox, employee questions) and deliver security awareness initiatives to promote a security-conscious culture.
Who you are :
Proven experience (3+ years) in a security analyst, SOC, or security operations role, preferably in a fast-paced startup/scaleup environment.
Strong analytical and problem-solving abilities, rigorous documentation habits, and the ability to communicate clearly with both technical and non-technical stakeholders.
Hands-on experience with SIEM and log analysis platforms (e.g., Datadog, Splunk, Elastic) for alert triage, threat detection, and investigation; familiarity with EDR tooling (e.g., SentinelOne, CrowdStrike) is a strong plus.
Working familiarity with cloud environments (AWS and/or GCP) and cloud security fundamentals - enough to understand, prioritize, and follow up on CSPM and WAF findings.
Solid understanding of vulnerability management and common application threats (e.g., OWASP Top 10) - enough to validate findings, assess real-world impact, and discuss remediation credibly with engineers.
Understanding of compliance frameworks and regulations (e.g., ISO 27001, PCI DSS, SOC 2, GDPR, DSA), with the ability to translate requirements into practical controls, procedures, and audit evidence.
Scripting or query skills (e.g., Python, SQL), for automating routine analysis and digging into data during investigations.
Ability to adapt to a rapidly changing environment and manage multiple priorities.
NICE TO HAVE: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CompTIA Security+/CySA+, GIAC GCIH/GCIA, CISA, ISO 27001 Lead Auditor/Implementer) are a plus.
Our Tech Stacks includes
Datadog SIEM
Upwind CSPM
Cloudflare (WAF, One)
SentinelOne
AWS, GCP
Grafana, Prometheus
Snowflake
Tableau
- Purpose-driven work at scale
Join a company reshaping the fashion industry towards circularity, you directly contributes to reducing waste and extending the life of luxury items.
- High-impact scope & ownership
Work on products used globally, where your decisions have immediate, measurable impact on millions of users across 70+ countries.
- A truly international environment
Collaborate with a diverse team of 50+ nationalities across Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City.
- Career acceleration in a fast-moving scale-up
Take ownership early, grow fast, and shape your path, as an expert or a future leader.
- Learning & growth as a priority
Dedicated budget, continuous feedback culture, and opportunities to work on cutting-edge topics (AI, marketplace dynamics, scalability, etc.).
- Flexible ways of working
Hybrid model (typically 2 days remote per week), with trust and autonomy at the core of how we operate.
- Give back through action
2 paid days per year to support a cause of your choice and actively contribute to positive impact beyond your day-to-day role.
- Competitive compensation & benefits
Including bonus, health coverage, lunch vouchers, Gym-Pass, and additional legal perks depending on your location.
Research shows that candidates from underrepresented backgrounds including women, people with disabilities, and other marginalized communities, are less likely to apply unless they meet 100% of the criteria.
At Vestiaire Collective, we believe diversity drives better decisions, stronger products, and more meaningful impact.
If this role excites you but your experience doesn’t align perfectly, we still encourage you to apply, your perspective could be exactly what we’re looking for.
Vestiaire Collective is proud to be an equal opportunity employer.
PS: We take candidate experience seriously, and your safety too !
Vestiaire Collective will only contact you through official email addresses ending in @vestiairecollective.com or [email protected].
We will never:
- Contact you via WhatsApp, Telegram, or similar platforms
- Ask for payment or banking information at any stage of the process
If you receive a suspicious message, please report it to: [email protected]
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
