QVC Group has been running live commerce since 1986 - long before anyone called it that. Today it operates 15 television networks reaching more than 200 million homes globally, spanning the US, UK, Germany, Japan, Italy, Poland, and China. The company's model is video-first retail across multiple platforms and screens, which means the attack surface isn't just a website - it's broadcast infrastructure, real-time transaction pipelines, customer data at scale across international jurisdictions, and the social commerce layer on top of all of it.
The threat model here is wide: payment fraud targeting live purchase flows, content injection into live video systems, credential stuffing across accounts linked to phone orders, web, and mobile. There's also the regulatory perimeter - GDPR in Europe, data localization requirements in China, and PCI-DSS everywhere transactions happen. Security teams operating in this environment need to think about uptime with broadcast-level SLAs, because a live shopping event going dark isn't just downtime - it's lost revenue by the second.
From a technical standpoint, this is a global e-commerce and media operation rolled into one. The security work spans network defense across broadcast and IT environments, application security for commerce platforms, identity and access management across a workforce that includes on-air talent, fulfillment, and corporate functions, and incident response calibrated to the speed of live television. If you're looking for a role where the blast radius is measured in millions of concurrent viewers and real-time transactions, this is the operating environment.