lululemon Staff Engineer - Cyber Security Operations

Description & Requirements

who we are

lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. We create products and experiences that enable people to live active, mindful lives. Our success is driven by innovative products, strong community connections, and an unwavering commitment to our people. We are committed to building an equitable, inclusive, and growth-focused environment where everyone can thrive

about this team

The Cyber Security Operations team enables lululemon to operate securely at global scale by identifying, analyzing, and reducing cybersecurity risk across the organization. The team spans Threat Detection and Response, Incident Response, Threat Intelligence and Exposure Management.

a day in the life

As a Staff Engineer, you are a senior technical individual contributor who leads complex, cross-functional security analyses and initiatives while shaping how security risk is understood and managed at scale. You apply deep expertise across governance, risk management, compliance, threat analysis, and operational security to evaluate sophisticated risks, anticipate emerging issues, and design durable solutions that strengthen enterprise security posture.

This role operates at an organization-wide level of influence. You serve as a trusted advisor to technology, legal, privacy, risk, and business stakeholders, helping embed security into processes, platforms, and decision-making. You also mentor analysts at all levels and contribute to advancing the maturity, consistency, and effectiveness of information security operations.

core responsibilities

• Lead complex security analyses, assessments, and investigations to measurably reduce organizational risk and strengthen overall security posture across multiple cybersecurity domains.
• Deliver high quality analysis, documentation, issue management, and cross-functional coordination while conducting advanced evaluations in governance, compliance, operations, investigations, vulnerability management, and issue management.
• Develop, refine, and scale security processes, standards, and frameworks-including governance workflows, risk methodologies, compliance processes, and assessment models-that support multiple teams and functions.
• Provide clear, risk informed guidance that translates technical security findings into business relevant insights for both technical and nontechnical stakeholders.
• Mentor junior and intermediate analysts to elevate analytical rigor, judgment, and overall security capability across the team.
• Lead or coordinate cross-functional reviews, investigations, and remediation efforts, ensuring root causes are identified and corrective actions are well-defined and effectively implemented.
• Synthesize insights from assessments, evidence, operational data, architecture documentation, and control reviews to identify systemic issues, trends, and emerging risks. Partner with Technology, Risk, Compliance, Legal, Privacy, Architecture, and Operations to strengthen controls and refine workflows.
• Contribute to metrics, dashboards, and reporting that enhance visibility into security posture and risk trends, identify opportunities to improve governance, efficiency, and scalability, and lead post-incident and post-issue reviews to drive organizational resilience.

qualifications

• Minimum 10 years of experience in information security, security operations, risk management, or closely related domains.
• Deep experience conducting risk-based security analysis, investigations, assessments, and issue remediation across enterprise environments.
• Strong working knowledge of security and risk frameworks (e.g., NIST CSF, ISO 27001, CIS Controls).
• Demonstrated ability to influence outcomes and architecture without formal people management responsibility.
• Excellent written and verbal communication skills, with the ability to explain complex security concepts to diverse audiences.

must haves

• Acknowledge the presence of choice in every moment and take personal responsibility for your life.
• Possess an entrepreneurial spirit and continuously innovate to achieve great results.
• Communicate with honesty and kindness and create the space for others to do the same.
• Lead with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Foster connection by putting people first and building trusting relationships.
• Integrate fun and joy as a way of being and working, aka doesn't take yourself too seriously.

additional notes
Authorization to work in Canada is required for this role.

compensation and benefits package

lululemon's compensation offerings are grounded in a pay-for-performance philosophy that recognizes exceptional individual and team performance. The typical hiring range for this position is from $148,000 - $194,000 annually ; the base pay offered is based on market location and may vary depending on job-related knowledge, skills, experience, and internal equity. As part of our total rewards offering, permanent employees in this position may be eligible for our competitive annual bonus program and, subject to program eligibility requirements.

At lululemon, investing in our people is a top priority. We believe that when life works, work works. We strive to be the place where inclusive leaders come to develop and enable all to be well. Recognizing our teams for their performance and dedication, other components of our total rewards offerings include support of career development, wellbeing, and personal growth:

• Extended health and dental benefits, and mental health plans
• Paid time off
• Savings and retirement plan matching
• Generous employee discount
• Fitness & yoga classes
• Parenthood top-up
• Extensive catalog of development course offerings
• People networks, mentorship programs, and leadership series (to name a few)

Note: The incentive programs, benefits, and perks have certain eligibility requirements. The Company reserves the right to alter these incentive programs, benefits, and perks in whole or in part at any time without advance notice.


workplace arrangement

Hybrid

In-person collaboration and connection is important to our culture. Work is performed onsite, minimum 4 days per week.

#LI-CM1