Job Closed

This listing is no longer active.

Oportun

Oportun is a certified community development financial institution that provides financial services, including personal loans and financial resources. The company offers “respons

Senior Information Security Analyst

Location

India

Posted

49 days ago

Salary

0

Seniority

Senior

Bachelor Degree · 5 yrs exp · Experience accepted · English · DNS · Firewalls · SMTP · TCP/IP

Job Description

  • Monitor and analyze traffic and events/alerts escalated by L2 and advise on remediation actions.
  • Review and assess impact and remediation actions for incidents.
  • Creation and continuous improvement of monitoring alerts.
  • Deep analysis of security incidents to identify the root cause.
  • Create new rules in SIEM to identify threats.
  • Monitor and analyze traffic and events/alerts and advise on remediation actions.
  • Investigate intrusion attempts and perform analysis of exploits by correlating various sources and determining which system or data set is affected.
  • Follow standard operating procedures for detecting, classifying, and reporting incidents.
  • Analyze a variety of network and host-based security appliance logs (EDR, Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident.
  • Independently follow procedures to identify, contain, analyze, document and eradicate malicious activity.
  • Escalate information regarding intrusion events, security incidents, and other threat indicators and warning information to the client.

Job Requirements

  • Bachelor’s degree in computer science, information systems or related field from an accredited institution OR 5 years of relevant experience in SOC, Incident response or Cyber Forensics.
  • Experience in decoding logs from different security devices like firewall, proxy, EDR, etc.
  • Experience in handling cyber incidents on a day-to-day basis.
  • Experience in performing L1 analysis of tickets and determining whether it's a false positive or not.
  • Experience in correlating incidents.
  • Experience in understanding network architecture and connecting events logically.
  • Experience working in or with different teams like network, engineering, application, etc.
  • Ability to communicate efficiently with internal team members at all levels and across functional and organizational boundaries.
  • Working knowledge of the TCP/IP suite/OSI layers of protocols.
  • Conceptual knowledge of network and systems architecture.
  • Familiarity with Intrusion Detection Systems configuration and operation.
  • Web application architecture.
  • Active Directory.
  • Solid understanding of how major application layer protocols function (e.g., HTTP, SMTP, DNS).
  • Knowledge of categories of malware and how they function (e.g., rootkits, trojans, adware, exploits, fileless).
  • Organizational skills and time management/prioritization.
  • Comfortable working against deadlines in a fast-paced environment.
  • At least 3 years of prior SOC experience (can include internships).
  • Ability to build a strong, positive relationship with partnering engineering and security teams to develop effective solutions.
  • Ability to sufficiently document engineering efforts and results.
  • Passion for Security, Technology and Automation.
  • Preferred Certifications (Security+, etc.).

Benefits

  • Health insurance
  • Retirement plans
  • Paid time off
  • Flexible work arrangements
  • Professional development opportunities

Related Job Pages

More Security Analyst Jobs

Cybersecurity Analyst

Embark Student Corp.

Guiding families along their post-secondary education savings journey.

Security Analyst · 49 days ago
Contract · Remote · Team 51-200 · H1B No Sponsor

Cybersecurity Analyst

Application Deadline: 31 May 2026
Department: Technology
Employment Type: Fixed Term Contract
Location: Head Office
Compensation: $115,000 - $138,000 / year

Description

Role Summary

We are seeking a Contract Security Analyst with hands-on experience across Netskope SSE, Microsoft Purview (full DLP), Microsoft Defender, and Arctic Wolf MDR. This role blends security operations, incident response, and data loss prevention engineering, supporting both day-to-day alert handling and continuous improvement of detection and data protection controls. The analyst will act as a key technical partner to internal IT teams and the Arctic Wolf SOC, helping reduce risk, improve signal quality, and ensure strong visibility and control over cloud usage and sensitive data.

Key Responsibilities

1. Security Monitoring, Investigation & Incident Response

  • Monitor, triage, and investigate security alerts originating from:
    • Arctic Wolf MDR
    • Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps)
    • Netskope SSE (SWG, CASB, ZTNA, Threat Protection, DLP)
  • Perform incident response activities including:
    • Alert validation, scoping, and root-cause analysis
    • Endpoint, identity, cloud, and SaaS activity investigation
    • Containment actions (account suspension, device isolation, session revocation, policy enforcement)
  • Work closely with Arctic Wolf on:
    • Case escalations and response coordination
    • Validation of detections and recommended actions
  • Produce clear incident documentation, including:
    • Timelines, affected assets, impact assessment, and remediation steps

2. Detection Engineering & Alert Tuning (Non-SIEM)

  • Tune and optimize detections and policies directly within:
    • Microsoft Defender portals (no Sentinel)
    • Netskope security and DLP policies
    • Arctic Wolf escalation criteria and response workflows
  • Reduce alert fatigue by:
    • Eliminating false positives
    • Aligning severity with business impact
    • Improving investigation context and signal fidelity
  • Contribute to detection coverage for:
    • Identity compromise and OAuth abuse
    • Malware, ransomware, and lateral movement
    • Risky SaaS usage and anomalous cloud behavior
    • Data exfiltration and policy violations

3. Data Loss Prevention & Information Protection

  • Administer and enhance Microsoft Purview Information Protection and DLP, including:
    • Sensitivity labels and label policies
    • DLP policies across Exchange, SharePoint, OneDrive, and Teams
    • Alert triage and incident follow-up for DLP events
  • Design, implement, and tune Netskope DLP:
    • Inline and at-rest controls across web and cloud apps
    • Classification, fingerprinting, and structured/unstructured data detection
  • Partner with business and privacy stakeholders to:
    • Translate data protection requirements into enforceable controls
    • Implement exception handling and user education workflows
    • Balance risk reduction with business usability
  • Track and report on DLP effectiveness and trends

4. Netskope SSE Platform Operations

  • Support the full Netskope SSE stack, including:
    • Secure Web Gateway (SWG)
    • CASB (managed and unmanaged apps)
    • ZTNA
    • Threat Protection
    • DLP
  • Monitor policy health, coverage, and enforcement effectiveness
  • Identify and remediate gaps in visibility, control, or logging
  • Support investigations involving risky apps, shadow IT, and cloud misuse

5. Platform Hygiene, Documentation & Reporting

  • Validate security tool coverage and operational health:
    • Endpoint onboarding and Defender health
    • Identity and SaaS integrations
    • Logging completeness and alert flow
  • Develop and maintain:
    • Incident response playbooks
    • DLP and investigation runbooks
    • Operational procedures and escalation paths
  • Produce actionable reporting for leadership:
    • Incident trends, alert quality, DLP metrics, and risk themes
  • Support knowledge transfer and operational maturity improvements

Required Skills and Experience

  • 3–5+ years in a Security Analyst, SOC, or Incident Response role
  • Hands-on experience with:
    • Microsoft Defender (Endpoint, Identity, Office 365, Cloud Apps)
    • Microsoft Purview (Information Protection and full DLP)
    • Netskope (SWG, CASB, ZTNA, DLP, Threat Protection)
    • Arctic Wolf MDR (case handling, escalations, collaboration)
  • Strong understanding of:
    • Cloud and SaaS security threats
    • Identity-based attacks and phishing
    • Data protection and regulatory considerations
    • Incident response lifecycle and MITRE ATT&CK concepts
  • Ability to clearly document findings and communicate with both technical and non-technical stakeholders

Nice-to-Have Qualifications

  • Experience with:
    • Defender XDR Advanced Hunting
    • Security policy design for large M365 environments
    • SaaS governance and cloud risk management
  • Certifications (preferred but not required):
    • SC-200, SC-400, AZ-500, Security+, or equivalent

What Success Looks Like

Within the first 60 days, the contractor is expected to:

  • Reduce alert noise through documented tuning improvements
  • Improve clarity and consistency of incident response processes
  • Deliver measurable improvements in DLP signal quality
  • Ensure full coverage and operational health across Defender, Netskope, and Purview
  • Leave behind clear documentation and operational artifacts

Don’t meet every single requirement? That’s okay. We encourage you to apply anyway. We believe in investing in potential and supporting our team members as they grow into their roles. If this opportunity excites you, but your experience doesn’t align perfectly, we still want to hear from you.

Benefits

As an employee at Embark you will benefit from so many great employee perks…

  • 🌍 Flexible Ways of Working: Design your workday around what matters most. With flexible hours, you can balance work with all the other important things in life. And, with our Remote Work Arrangement, you can work from anywhere in the world for part of the year—whether that’s a beach in Bali or your cozy cabin in Muskoka.
  • 💪 Health & Wellbeing Support: Your wellbeing is our priority. Enjoy fitness reimbursements, paramedical coverage, and a generous health spending account. Recharge with Embark Wellness Days and wellness-focused afternoons, and access extended mental health support whenever you need it.
  • 🚀 Career Development That Moves You Forward: Fuel your growth with funding for courses, certifications, and conferences. Explore new horizons through job rotations and secondments, and benefit from ongoing coaching and personalized development planning that keeps your career moving. At Embark, people stick around for the long-haul.
  • 🎓 RESP Matching — Because Futures Matter: We don’t just talk about education—we invest in it. On top of RRSP matching, you’ll receive RESP matching to help your loved ones pursue their post-secondary dreams.
  • 🎉 Fun Is Part of the Job: We take fun seriously. From themed parties and surprise treat days to team socials that actually make you want to show up, we create moments that spark joy, build connection, and make work feel like more than just work.

Canada
C$115K - C$138K / year

Senior BISO Security Analyst

Yum! Center for Global Franchise Excellence

Empowering communities to create and sustain generational wealth through franchising.

Security Analyst · 49 days ago
Full Time · Remote · Team 1-10 · H1B No Sponsor

Role Description

As a member of the Cybersecurity BISO team, this role partners with US Brand BISOs to support and execute cybersecurity priorities across business and technology teams. Acting as a business-facing security resource, the role helps ensure effective implementation of security controls and alignment with regulatory and organizational requirements across restaurant, above-store, and corporate environments. This role is designed to operate with a high degree of independence while serving as a back-up to US Brand BISOs.

The role focuses on:

  • Managing day-to-day security operations
  • Stakeholder engagement
  • Risk management activities
  • Ownership of security domains

Working in a dynamic, brand-focused environment, this role leverages technical expertise to:

  • Evaluate risks
  • Support security services
  • Enhance the overall security posture of the business

Occasional after-hours or on-call support may be required.

Qualifications

  • Experience in cybersecurity or related field
  • Strong understanding of security controls and regulatory requirements
  • Ability to work independently and manage multiple priorities
  • Excellent communication and stakeholder engagement skills

Requirements

  • Proven experience in security operations
  • Technical expertise in risk evaluation and management
  • Ability to work in a fast-paced, dynamic environment

Benefits

  • Competitive salary
  • Health and wellness programs
  • Opportunities for professional development

United States
$110K - $140K / year
Job Closed

Cybersecurity Analyst

Prevailance, Inc.

Teamwork, Integrity, Passion, Creativity

Security Analyst · 49 days ago
Part Time · Remote · Team 51-200 · H1B No Sponsor

  • Responsible for protecting, monitoring, and defending the organization's information systems and networks.
  • Balance daily technical support with high-level incident response and compliance auditing to ensure the integrity of the mission-critical network.
  • Actively monitor network traffic to identify anomalies.
  • Utilize advanced tools to perform intrusion analysis and lead incident handling efforts to mitigate threats.
  • Maintain and configure Operating Systems and Computing Environments (OS/CE) in accordance with security technical implementation guides (STIGs).
  • Execute IAM (Information Assurance Management) functions to ensure only authorized users have access to sensitive data, maintaining the "least privilege" principle.
  • Perform regular system scans (IAT functions) to identify hardware and software vulnerabilities; coordinate the deployment of patches and security updates.
  • Provide Tier I/II technical support for secured networks, ensuring connectivity is maintained without compromising the security posture.
  • Maintain accurate records of security incidents, system configurations, and compliance audits to meet DoD reporting requirements.

United States
Job Closed

Associate Security Analyst

Bloomreach

Bloomreach is a computer software company that is on a mission to empower its clients to seamlessly personalize their customer experience and, in turn, successf

Security Analyst · 49 days ago

Bloomreach is building the world’s premier agentic platform for personalization. We’re revolutionizing how businesses connect with their customers, building and deploying AI agents to personalize the entire customer journey.

  • We're taking autonomous search mainstream, making product discovery more intuitive and conversational for customers, and more profitable for businesses.
  • We’re making conversational shopping a reality, connecting every shopper with tailored guidance and product expertise — available on demand, at every touchpoint in their journey.
  • We're designing the future of autonomous marketing, taking the work out of workflows, and reclaiming the creative, strategic, and customer-first work marketers were always meant to do.

And we're building all of that on the intelligence of a single AI engine — Loomi AI — so that personalization isn't only autonomous…it's also consistent.

From retail to financial services, hospitality to gaming, businesses use Bloomreach to drive higher growth and lasting loyalty. We power personalization for more than 1,400 global brands, including American Eagle, Sonepar, and Pandora.

Join the Bloomreach GIST (Global Information Security & Technology) team as an Associate Security Analyst and help protect our e-commerce environment from threats, vulnerabilities, and sophisticated attackers. Your work will have a significant impact on numerous customers across various e-commerce verticals and hundreds of millions of online users. As a core member of our globally distributed 24/7 Security Operations Team, you can work full-time from our India offices or from home.

Your job will be (but not limited to)

  • To monitor, analyze & interpret security/system/application/infrastructure logs for events, configuration irregularities & potential incidents
  • To leverage security tools, custom built dashboards and/or proactive identification approaches to detect anomalous activities
  • Monitoring Cloud infrastructure for security-related events
  • Monitoring threat/vulnerability landscape and security advisories, coordinate and escalate as appropriate
  • To work with application security teams, product specialists, GRC, legal teams on active incidents and/or investigations
  • To participate in a major incident call, document incident report summaries
  • To document, follow and execute standard operating procedures (SOPs)
  • Documenting/Managing/maintaining & following use cases, playbooks and/or knowledge base articles
  • To work on incidents, requests related to security
  • Owning responsibilities within a shift with a positive mindset towards growth & upskilling

Professional experience, skills & requirements

  • 2+ years of hands-on experience as part of a 24*7 Security Operations team OR a starter with equivalent degree/specialization in the area of Cyber Security with a proven project dealing in the new age landscape (SaaS platform Security, SecOps, API/Container Security, Threat Intel/Hunting, Vulnerability Management).
  • Hands-on experience or deep knowledge on usage of SIEM, SOAR, EDR (modules like TI, VM, DLP)
  • Exposure or experience in using any of CSPM tools (SentinelOne, Falcon Horizon, Wiz, Sysdig, Prisma cloud, MS Defender)
  • Exposure or experience in assessing, interpreting & managing vulnerabilities using relevant tools.
  • Knowledge of either AWS or GCP is a must
  • Should possess positive attitude to participate, own & drive tasks for POCs for various tools
  • Understanding of risk framework
  • Ability to assess emerging trends & threats in cyber security space
  • Should possess good analytical, problem-solving, and interpersonal skills. Should be able to apply & provide logical reasoning
  • Knowledge of NIST framework, OSINT standards, MITRE ATT&CK framework & cybersecurity incident lifecycle is an advantage. Beginner level of understanding is mandatory
  • Mandatory to work in a 24/7 rotation shift & weekends
  • Possess excellent command of communication in English, being a good listener, speaker & reader

Your success story will be:

In the first 30 days you will

  • Understand the roles & responsibilities of SOC team, in-scope vs out of scope tasks
  • Read & understand SOPs, Policies & working procedures of the team
  • Shadow peers in day-to-day work, overlook tickets, alerts, incidents, understand the current state of ongoing projects/enhancements etc.

In the next 30 days you will (60 days from start)

  • Start owning incidents, tasks as independent contributor with a peer shadowing you
  • Participate in incident related calls, cross team/department meetings
  • Handle SIEM/SOAR/EDR events

In the next 30 days you will (90 days from start)

  • You will start documenting or tweaking existing SOPs, process documents
  • You will bear responsibilities of representing team in forums/meetings/discussions
  • You will start managing shift alone when needed
  • You will adapt yourself to service improvement mindset and contribute to overall success of the team

More things you'll like about Bloomreach:

Culture:

  • A great deal of freedom and trust. At Bloomreach we don’t clock in and out, and we have neither corporate rules nor long approval processes. This freedom goes hand in hand with responsibility. We are interested in results from day one.
  • We have defined our 5 values and the 10 underlying key behaviors that we strongly believe in. We can only succeed if everyone lives these behaviors day to day. We've embedded them in our processes like recruitment, onboarding, feedback, personal development, performance review and internal communication.
  • We believe in flexible working hours to accommodate your working style.
  • We work virtual-first with several Bloomreach Hubs available across three continents.
  • We organize company events to experience the global spirit of the company and get excited about what's ahead.
  • We encourage and support our employees to engage in volunteering activities - every Bloomreacher can take 5 paid days off to volunteer*.
  • The Bloomreach Glassdoor page elaborates on our stellar 4.4/5 rating. The Bloomreach Comparably page Culture score is even higher at 4.9/5.

Personal Development:

  • We have a People Development Program -- participating in personal development workshops on various topics run by experts from inside the company. We are continuously developing & updating competency maps for select functions.
  • Our resident communication coach Ivo Večeřa is available to help navigate work-related communications & decision-making challenges.*
  • Our managers are strongly encouraged to participate in the Leader Development Program to develop in the areas we consider essential for any leader. The program includes regular comprehensive feedback, consultations with a coach and follow-up check-ins.
  • Bloomreachers utilize the $1,500 professional education budget on an annual basis to purchase education products (books, courses, certifications, etc.)*

Well-being:

  • The Employee Assistance Program -- with counselors -- is available for non-work-related challenges.*
  • Subscription to Calm - sleep and meditation app.*
  • We organize ‘DisConnect’ days where Bloomreachers globally enjoy one additional day off each quarter, allowing us to unwind together and focus on activities away from the screen with our loved ones.
  • We facilitate sports, yoga, and meditation opportunities for each other.
  • Extended parental leave up to 26 calendar weeks for Primary Caregivers.*

Compensation:

  • Restricted Stock Units or Stock Options are granted depending on a team member’s role, seniority, and location.*
  • Everyone gets to participate in the company's success through the company performance bonus.*
  • We offer an employee referral bonus of up to $3,000 paid out immediately after the new hire starts.
  • We reward & celebrate work anniversaries -- Bloomversaries!*

(*Subject to employment type. Interns are exempt from marked benefits, usually for the first 6 months.)

Excited? Join us and transform the future of commerce experiences! If this position doesn't suit you, but you know someone who might be a great fit, share it - we will be very grateful!

Any unsolicited resumes/candidate profiles submitted through our website or to personal email accounts of employees of Bloomreach are considered property of Bloomreach and are not subject to payment of agency fees.

India