Senior Security Analyst – Purple Team

Brand: Victoria's Secret
Location: Reynoldsburg, OH, US
Location Type: Remote
Job Areas: Information Technology
Job Type: Full-time
Job ID: 04GFZ

Description

Position Title: Senior Security Analyst – Purple Team

Your Role

The Senior Security Analyst – Purple Team works within the Information Security Incident Response team in Information Technology. Victoria’s Secret is seeking a highly skilled and collaborative Purple Team member to build out our internal purple team function focusing on identifying detection gaps, strengthening defensive controls, and validating response readiness. This role will bridge offensive and defensive security capabilities, driving proactive detection, response readiness, and team development across the enterprise.

This individual must bring hands-on penetration testing experience and a solid track record defending enterprise infrastructure and applications. The ideal candidate is a mentor by nature, passionate about uplifting team capabilities, and eager to lead engaging technical tabletop exercises that strengthen the company’s cyber resilience.

Why You Belong Here

At Victoria’s Secret & Co, you’ll join a world-leading specialty retail brand recognized globally for innovation and excellence in lingerie and fashion. You’ll work alongside industry leaders to set the standard for what a retail brand can achieve, placing customers at the center of everything we do to create products and experiences that bring them joy.

We believe everyone deserves a place where they truly belong. We celebrate individuality and know that your passion, experience, and unique perspective strengthen our team and business. Here, you’ll be empowered to perform, grow, and engage through unmatched opportunities to develop your skills, gain real-world experience, and learn from the best in the business.

Your Impact

  • Establish a dedicated purple team to align red and blue team efforts.

  • This role is responsible for developing a sustainable purple team program, including planning, execution, measurement, and continuous improvement of adversary emulation and detection validation activities.

  • Conduct advanced penetration tests on networks, infrastructure, and applications to identify risks and validate defenses.

  • Collaborate with defensive teams to enhance detection rules, incident response playbooks, and alert fidelity.

  • Design and run technical tabletop exercises for IT and security stakeholders, simulating real-world attack scenarios guided by curated cyber threat intelligence.

  • Mentor junior team members in both offensive and defensive security disciplines.

  • Work cross-functionally with infrastructure, application, and DevOps teams to embed security into operations.

  • Document and communicate findings clearly, with actionable remediation strategies for both technical and non-technical audiences.

  • Perform adversary-specific attack simulation of common Threat Actor TTPs.

  • Build and maintain a purple team roadmap, aligned to organizational risk.

  • Develop automated purple teaming / detection validation pipelines (e.g., using CALDERA, Atomic Red Team, or custom scripts).

  • Perform continuous security control validation across EDR, SIEM, IAM, cloud, and network security controls.

  • Deliver measurable improvements to detection coverage and response readiness.

  • Integrate purple team outputs into security engineering and SOC processes.

  • Partner with CTI to convert intelligence into actionable emulation plans.

  • Work with leadership to define and track metrics (e.g., detection coverage, detection depth, time-to-detect, time-to-respond) to demonstrate program maturity.


Minimum Salary: $99,400.00
Maximum Salary: $134,715.00

VS&Co provides an estimate of the compensation range for this position as shown. Your actual compensation will be determined based on various relevant factors, including, but not limited to, your skills, experience, and geographic location.

Qualifications

Your Experience

  • No formal degree required. Demonstrated hands-on expertise and impact in similar roles is valued above formal education.

  • 2–5 years of experience conducting penetration testing (network, application, cloud).

  • 1–3 years of experience defending enterprise environments (SIEM, EDR, firewall, WAF, etc.).

  • Strong understanding of MITRE ATT&CK framework, threat emulation, and detection engineering.

  • Experience with tools like Cobalt Strike, Metasploit, Burp Suite, BloodHound, and modern EDR/XDR platforms.

  • Skilled in scripting and automation (Python, PowerShell, Bash).

  • Proven leadership or mentoring experience in cybersecurity teams.

  • Experience authoring detection logic (SIEM queries, EDR detection rules, Sigma, YARA).

  • Experience with attack simulation frameworks.

  • Familiarity with Windows internals, AD exploitation, and cloud attack paths.

  • Understanding of kill chain analysis and cyber threat modeling (MITRE ATT&CK, D3FEND, Diamond Model).

  • Excellent communication and collaboration skills.

Preferred Qualifications:

  • Experience in prior purple team operations, with the ability to build new processes to deliver a purple team program.

  • Familiarity with cyber threat intelligence and operationalization of CTI.

  • Relevant certifications (e.g., OSCP, GXPN, CISSP, GCIA, GCIH).

  • Experience working in or securing retail environments, including POS systems, eCommerce platforms, and distributed IT infrastructure.

  • Experience with cloud security attack/defense (Azure, GCP, AWS).

  • Hands-on experience with security automation platforms or scripting frameworks.

Experience with purple team tooling like:

  • MITRE CALDERA

  • Atomic Red Team

  • SCYTHE

  • Prelude Operator

  • Infection Monkey

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws. Please see links: California Fair Chance Act, Los Angeles Fair Chance Initiative for Hiring Ordinance, Philadelphia Fair Chance Law, San Francisco Fair Chance Ordinance, Los Angeles County Fair Chance Ordinance  

An equal opportunity employer, we do not discriminate in hiring or terms and conditions of employment because of an individual’s race, color, religion, gender, gender identity, national origin, citizenship, age, disability, sexual orientation, marital status or any other protected category recognized by state, federal or local laws. We only hire individuals authorized for employment in the United States.