Lead Security Analyst, Purple Team

Lead Security Analyst, Purple Team

Victoria’s Secret & Co. is seeking a highly skilled and collaborative Purple Team Lead to build and lead our internal purple team function. The Lead Security Analyst – Purple Team Lead works within the Information Security Incident Response in Information Technology and will bridge offensive and defensive security capabilities, driving proactive detection, response readiness, and team development across the enterprise.

• Establish and lead a dedicated purple team to align red and blue team efforts.
• Conduct advanced penetration tests on networks, infrastructure, and applications to identify risks and validate defenses.
• Collaborate with defensive teams to enhance detection rules, incident response playbooks, and alert fidelity.
• Design and run technical tabletop exercises for IT and security stakeholders, simulating real‑world attack scenarios.
• Mentor junior team members in both offensive and defensive security disciplines.
• Work cross‑functionally with infrastructure, application, and Dev Ops teams to embed security into operations.
• Document and communicate findings clearly, with actionable remediation strategies for both technical and non‑technical audiences.

$

$

Your Experience

• 8+ years experience in Cybersecurity Technologies.
• 3–5 years of experience conducting penetration testing (network, application, cloud). Hybrid offensive skillset preferred.
• 3–5 years of experience defending enterprise environments (SIEM, EDR, firewall, WAF, etc.).
• Demonstrated hands‑on expertise and impact in similar roles in fast‑paced, complex environments.
• Strong understanding of MITRE ATT&CK framework, threat emulation, and detection engineering.
• Experience with tools like Cobalt Strike, Metasploit, Burp Suite, Blood Hound, and modern EDR/XDR platforms.
• Skilled in scripting and automation (Python, Power Shell, Bash).
• Proven leadership or mentoring experience in cybersecurity teams.
• Ability to communicate and engage effectively at all levels of the organization within IT and with non‑IT stakeholders.

Preferred Experience

• Experience in building purple team programs from the ground up.
• Familiarity with cyber threat intelligence and TTP development.
• Relevant certifications (e.g., OSCP, GXPN, CISSP, GCIA, GCIH).
• Experience working in or securing retail environments, including POS systems, eCommerce platforms, and distributed IT infrastructure.

Education

• Bachelor’s degree in Information Technology or equivalent experience.

This is a hybrid position and requires candidates to reside within a reasonable commuting distance to our Reynoldsburg office for weekly onsite work.

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws. An equal opportunity employer, we do not discriminate in hiring or terms and conditions of employment because of an individual’s race, color, religion, gender, gender identity, national origin, citizenship, age, disability, sexual orientation, marital status or any other protected category recognized by state, federal or local laws.

We only hire individuals authorized for employment in the United States.