Security Analyst
Marque: Victoria's Secret
Emplacement: Bengaluru, Karnataka, IN
Domaines d’emploi: Information Technology
Type d’emploi: Full-time
Job ID: 04KJY
POSITION DESCRIPTION
JOB TITLE: Security Analyst
DEPARTMENT: Information Security
REPORTS TO: Manager, Information Security
OVERVIEW:
Security Analyst works within global information security function and will be responsible for attack surface management, continuous vulnerability management and Pentest of our crown jewel infrastructure. Candidate will be responsible for ensuring the security and integrity of our infrastructure by identifying, assessing, and mitigating vulnerabilities across various environments.
RESPONSIBILITIES:
• Perform vulnerability assessments and Pentest across cloud and on-premises infrastructure, including networks, servers, databases, and applications.
• Research, track, and drive remediation plan for zero-day vulnerabilities applicable for VS&Co environment
• Ensure the security of cloud-based environments (AWS, Azure, GCP) by identifying and addressing vulnerabilities specific to cloud infrastructure.
• Collaborate with cloud infra team to integrate security best practices into cloud architecture and operations such as update cloud security configurations, ensuring alignment with industry standards and organizational policies.
• Implement and manage attack surface management tools and processes to continuously monitor and reduce the organization’s attack surface.
• Identify and assess potential external threats and exposures across all digital assets, including cloud and on-premises infrastructure.
• Oversee and manage continuous penetration testing initiatives to identify and exploit vulnerabilities in real-time.
• Collaborate with ethical hackers and third-party vendors to conduct regular pen tests on infrastructure, applications, and cloud environments.
• Provide expertise in investigating and analyzing the root causes of vulnerabilities and recommending solutions to prevent recurrence.
• Monitor security tools and dashboards for potential threats, and initiate proactive measures to mitigate risks.
• Identify, prioritize, and track remediation of vulnerabilities based on risk and potential impact to the organization.
• Communicate vulnerability status, risks, and remediation plans to relevant stakeholders, including senior management.
• Stay up-to-date with the latest vulnerability management tools, attack surface management techniques, continuous penetration testing strategies, and industry trends.
QUALIFICATIONS:
• 5-7 years of experience in infrastructure vulnerability management and Pentest
• Proven experience in vulnerability management and Pentest for cloud and on-premises infrastructure
• Strong understanding of cloud platforms (AWS, Azure, GCP) and their security features.
• Proficiency in vulnerability scanning tools (e.g., Qualys, Nessus, Tenable and penetration testing tools (e.g., Metasploit, Burp Suite, Kali Linux).
• Knowledge of networking concepts, firewalls, IDS/IPS, and endpoint protection.
• Familiarity with compliance frameworks (e.g., ISO 27001, NIST, GDPR) and regulatory requirements
• Experience with Risk Assessment on systems, applications, and Active Directory
• Experience with Windows/Linux OS, Database compliance policy and configuration with CIS
• Good understanding of Cloud Infrastructure
• Strong verbal and written communication skills
• Ability to communicate technical issues to non-technical audiences
EDUCATION:
• Bachelor’s degree in Information Technology/Information Security or equivalent experience in technology
Security certifications preferred such as: Certified Ethical Hacker (CEH)
Offensive Security Certified Professional (OSCP)
AWS Certified Security – Specialty

