Senior Security Engineer, Platform and IAM Support

Victoria’s Secret & Co is a world-leading specialty retail brand recognized globally for innovation and excellence in lingerie and fashion. The Senior Security Engineer will design, implement, and maintain secure identity and access solutions while collaborating with engineering teams to ensure robust access controls and support broader platform engineering efforts.

Responsibilities:

• Design and implementation of identity and access management solutions, including federated identity, SSO, RBAC, and lifecycle management
• Collaborate on the integration of IAM with cloud platforms (e.g., AWS, Azure), SaaS applications, and internal services
• Partner with security, DevOps, and application teams to enforce least privilege access, auditability, and compliance
• Build and maintain platform tooling to manage secrets, certificates, authentication, and authorization flows
• Automate IAM provisioning and de-provisioning using infrastructure-as-code and CI/CD pipelines
• Participate in incident response and root cause analysis related to identity or platform infrastructure
• Collaborate with lead engineers on operational support of security tools (Email Security, SASE, EDR, SIEM, etc.)
• Collaborate with lead engineers to integrate security best practices into CI/CD pipelines and cloud infrastructure (Azure, GCP)
• Assist in securing container platforms (e.g., Kubernetes, Docker) and infrastructure as code (Terraform, CloudFormation, etc.)
• Participate in threat modeling and security reviews of new infrastructure components
• Stay current with industry trends and threat landscapes related to identity security and platform resilience
• Collaborate with SOC and security analysts to investigate IAM-related incidents
• Develop scripts and automation (e.g., Python, PowerShell) to enhance identity workflows and platform security
• Monitor system logs, access events, and security alerts from IAM and cloud platforms
• Maintain documentation for IAM processes, security controls, and supported systems

Requirements:

• 6+ years related cybersecurity experience
• Experience with SailPoint ISE, CyberArk, PingIdentity, Directory Services, EntraAD
• Understanding of networking applications and multiple platforms
• Demonstrated knowledge of security controls in relation to authentication, authorization, privilege access management, identity governance
• Customer Service orientation
• Understanding of security controls and how they are used to detect and respond
• Ability to communicate technical issues to non-technical audiences across functions
• Ability to assess/evaluate/prioritize risk
• Ability to lead small (sometimes cross functional) teams/projects/programs
• Demonstratable shell scripting abilities. Bash, python, Powershell, .Net, Java
• Deep expertise in IAM technologies such as PingIdentity, Azure AD, GCP, or similar systems
• Strong understanding of authentication protocols (OAuth2, OIDC, SAML) and access control models (RBAC, ABAC, PBAC)
• Proficiency in infrastructure-as-code (Terraform, Pulumi) and automation tooling
• Experience with CI/CD systems (e.g., GitHub Actions, GitLab CI, Jenkins) and secrets management tools (e.g., CyberArk, HashiCorp Vault, Azure Secrets Manager)
• Solid background in cloud infrastructure (Azure, or GCP) and container orchestration (Kubernetes preferred)
• Familiarity with regulatory and compliance requirements (e.g., SOX, PCI) and how they relate to IAM
• Experience prioritizing work and/or managing a queue
• Bachelor's degree in Information Technology/Information Security or equivalent experience