Victoria’s Secret & Co. is a world-leading specialty retail brand recognized globally for innovation and excellence in lingerie and fashion. The Security Engineer will design, build, and maintain secure infrastructure while collaborating with various teams to mitigate risks and protect corporate data.
Responsibilities:
- Collaborate with lead engineers on operational support of security tools (Email Security, SASE, EDR, SIEM, etc.)
- Collaborate with lead engineers to integrate security best practices into CI/CD pipelines and cloud infrastructure (Azure, GCP, etc.)
- Ability to drive design and implementation of cloud security tools (CSPM, CNAPP, etc.)
- Assist in securing, engineering and administrating privacy and data security platforms
- Participate in threat modeling and security reviews of new infrastructure components
- Stay current with industry trends and threat landscapes related to platform resilience
- Collaborate with SOC and security analysts to investigate incidents
- Develop scripts and automation (e.g., Python, PowerShell) to enhance platform workflows and security
- Monitor system logs, access events, and security alerts from security controls and cloud platforms
- Maintain documentation for processes, security controls, and supported systems
- Serve as a subject-matter expert for platform security incidents, providing tier-3 support for escalations
- Monitor, triage, and respond to security alerts from SIEM, EDR, CSPM, and vulnerability management tools
- Build monitoring, alerting, and detection logic for anomalous data access and exfiltration
- Integrate data protection controls into CI/CD and infrastructure-as-code workflows
- Develop runbooks, automation scripts, and self-service tooling to streamline secure data operations
- Drive continuous improvement in security automation, observability, and reliability
- Document processes, runbooks, and security standards across infrastructure services
Requirements:
- 3+ years in Security Engineering, Cloud Security, Platform Engineering, or related roles
- Relevant experience with at least one major cloud provider (AWS, GCP, Azure)
- Solid understanding of networking fundamentals and cloud-native security models
- Experience with security monitoring tools (SIEM/EDR/CSPM) and vulnerability management
- Skilled in scripting languages (Python, Go, Bash, PowerShell)
- Ability to work independently and learn new concepts quickly
- Proven track record in identifying and resolving moderate to complex technical problems and processes and clearly communicate to technical staff when escalating issues
- Ability to communicate technical issues to technical and non-technical partners
- Process oriented and logical mind that can help shape new and improve existing processes
- Understanding of security controls and risk management
- Ability to assess/evaluate/prioritize risk
- Bachelor's degree in Information Technology/Security, or equivalent experience