
Senior Security Analyst - Purple Team

Company: Victoria's Secret
Location: Reynoldsburg, OH, 43069
Posted: March 26, 2026

Description:

Your Role

The Senior Security Analyst - Purple Team works within the Information Security Incident Response team in Information Technology. Victoria's Secret is seeking a highly skilled and collaborative Purple Team member to build out our internal purple team function focusing on identifying detection gaps, strengthening defensive controls, and validating response readiness.

This role will bridge offensive and defensive security capabilities, driving proactive detection, response readiness, and team development across the enterprise.

This individual must bring hands-on penetration testing experience and a solid track record defending enterprise infrastructure and applications. The ideal candidate is a mentor by nature, passionate about uplifting team capabilities, and eager to lead engaging technical tabletop exercises that strengthen the company's cyber resilience.

Your Impact

Establish a dedicated purple team to align red and blue team efforts.

This role is responsible for developing a sustainable purple team program, including planning, execution, measurement, and continuous improvement of adversary emulation and detection validation activities.

Conduct advanced penetration tests on networks, infrastructure, and applications to identify risks and validate defenses.

Collaborate with defensive teams to enhance detection rules, incident response playbooks, and alert fidelity.

Design and run technical tabletop exercises for IT and security stakeholders, simulating real-world attack scenarios guided by curated cyber threat intelligence.

Mentor junior team members in both offensive and defensive security disciplines.

Work cross-functionally with infrastructure, application, and DevOps teams to embed security into operations.

Document and communicate findings clearly, with actionable remediation strategies for both technical and non-technical audiences.

Perform adversary-specific attack simulation of common Threat Actor TTPs.

Build and maintain a purple team roadmap, aligned to organizational risk.

Develop automated purple teaming / detection validation pipelines (e.g., using CALDERA, Atomic Red Team, or custom scripts).

Perform continuous security control validation across EDR, SIEM, IAM, cloud, and network security controls.

Deliver measurable improvements to detection coverage and response readiness.

Integrate purple team outputs into security engineering and SOC processes.

Partner with CTI to convert intelligence into actionable emulation plans.

Work with leadership to define and track metrics (e.g., detection coverage, detection depth, time-to-detect, time-to-respond) to demonstrate program maturity.

Your Experience

No formal degree required. Demonstrated hands-on expertise and impact in similar roles is valued above formal education.

2-5 years of experience conducting penetration testing (network, application, cloud).

1-3 years of experience defending enterprise environments (SIEM, EDR, firewall, WAF, etc.).

Strong understanding of MITRE ATT&CK framework, threat emulation, and detection engineering.

Experience with tools like Cobalt Strike, Metasploit, Burp Suite, BloodHound, and modern EDR/XDR platforms.

Skilled in scripting and automation (Python, PowerShell, Bash).

Proven leadership or mentoring experience in cybersecurity teams.

Experience authoring detection logic (SIEM queries, EDR detection rules, Sigma, YARA).

Experience with attack simulation frameworks.

Familiarity with Windows internals, AD exploitation, and cloud attack paths.

Understanding of kill chain analysis and cyber threat modeling (MITRE ATT&CK, D3FEND, Diamond Model).

Excellent communication and collaboration skills.

Preferred Qualifications:

Experience in prior purple team operations, with the ability to build new processes to deliver a purple team program.

Familiarity with cyber threat intelligence and operationalization of CTI.

Relevant certifications (e.g., OSCP, GXPN, CISSP, GCIA, GCIH).

Experience working in or securing retail environments, including POS systems, eCommerce platforms, and distributed IT infrastructure.

Experience with cloud security attack/defense (Azure, GCP, AWS).

Hands-on with security automation platforms or scripting frameworks.

Experience with purple team tooling like:

MITRE CALDERA

Atomic Red Team

SCYTHE

Prelude Operator

Infection Monkey

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws. Please see links: California Fair Chance Act, Los Angeles Fair Chance Initiative for Hiring Ordinance, Philadelphia Fair Chance Law, San Francisco Fair Chance Ordinance, Los Angeles County Fair Chance Ordinance

An equal opportunity employer, we do not discriminate in hiring or terms and conditions of employment because of an individual's race, color, religion, gender, gender identity, national origin, citizenship, age, disability, sexual orientation, marital status or any other protected category recognized by state, federal or local laws. We only hire individuals authorized for employment in the United States.
