Victoria's Secret & Co.
Senior Security Engineer
The complete job description, requirements, and application details are available on the original posting.
About Victoria's Secret & Co.
Victoria's Secret & Co. is a well-known American retailer that specializes in lingerie, clothing, and beauty products. Founded in 1977 by Roy Raymond and his wife Gaye, the company aimed to create a more inviting shopping experience for lingerie, particularly for men. The original stores featured a Victorian-era design, emphasizing elegance and exclusivity. The company offers a variety of products, including bras, panties, sleepwear, and intimate apparel that blend comfort with style. Additionally, Victoria's Secret provides women's clothing, activewear, and beauty products such as fragrances and cosmetics. The PINK brand, launched in 2002, focuses on casual clothing and lingerie for teenagers and young women. Victoria's Secret has built a strong customer base, appealing to women of all ages and men looking for gifts, and has established itself as a leading lingerie retailer in the U.S. and beyond.
Security at Victoria's Secret & Co.
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Victoria's Secret's AppSec philosophy emphasizes integrating security best practices into the CI/CD pipeline and cloud infrastructure, participating in threat modeling, and conducting thorough project security assessments.
- They also focus on educating teams about secure design principles and defensive programming.
- The company is involved in advanced risk-quantification efforts, specifically as a design partner in the development of the FAIR Control Analytics Model (CAM) with SAFE, indicating a risk-based approach to security.
Security Team
Victoria's Secret & Co.'s SVP and CISO, Mark Tomallo, is a key public-facing leader involved in risk-management practices and FAIR participation. Information about the AppSec team's organizational structure, reporting lines, or estimated team size is not publicly available. No public evidence was found for a named 'Security Champions' program.
Key Initiatives
Victoria's Secret's AppSec initiatives include integrating security best practices into CI/CD pipelines and cloud infrastructure, participating in threat modeling and security reviews for new infrastructure components, and conducting thorough project security assessments, including risk analysis, penetration testing coordination, and vulnerability reviews. They also educate teams on secure design principles. The company publicly addressed a security incident in May 2025.