Senior Security Analyst – Purple Team

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

Your Role

The Senior Security Analyst – Purple Team works within the Information Security Incident Response team in Information Technology. Victoria’s Secret is seeking a highly skilled and collaborative Purple Team member to build out our internal purple team function focusing on identifying detection gaps, strengthening defensive controls, and validating response readiness.

This role will bridge offensive and defensive security capabilities, driving proactive detection, response readiness, and team development across the enterprise.

This individual must bring hands-on penetration testing experience and a solid track record defending enterprise infrastructure and applications. The ideal candidate is a mentor by nature, passionate about uplifting team capabilities, and eager to lead engaging technical tabletop exercises that strengthen the company’s cyber resilience.

Your Impact

  • Establish a dedicated purple team to align red and blue team efforts.
  • Develop a sustainable purple team program, including planning, execution, measurement, and continuous improvement of adversary emulation and detection validation activities.
  • Conduct advanced penetration tests on networks, infrastructure, and applications to identify risks and validate defenses.
  • Collaborate with defensive teams to enhance detection rules, incident response playbooks, and alert fidelity.
  • Design and run technical tabletop exercises for IT and security stakeholders, simulating real-world attack scenarios guided by curated cyber threat intelligence.
  • Mentor junior team members in both offensive and defensive security disciplines.
  • Work cross-functionally with infrastructure, application, and DevOps teams to embed security into operations.
  • Document and communicate findings clearly, with actionable remediation strategies for both technical and non-technical audiences.
  • Perform adversary-specific attack simulation of common Threat Actor TTPs.
  • Build and maintain a purple team roadmap, aligned to organizational risk.
  • Develop automated purple teaming / detection validation pipelines (e.g., using CALDERA, Atomic Red Team, or custom scripts).
  • Perform continuous security control validation across EDR, SIEM, IAM, cloud, and network security controls.
  • Deliver measurable improvements to detection coverage and response readiness.
  • Integrate purple team outputs into security engineering and SOC processes.
  • Partner with CTI to convert intelligence into actionable emulation plans.
  • Work with leadership to define and track metrics (e.g., detection coverage, detection depth, time-to-detect, time-to-respond) to demonstrate program maturity.
