Sr IT Engineer Cloud Security

Ulta Beauty, Inc.•Bolingbrook, IL

15h•Remote

About The Position

Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability—and is recognized that way. We’ve been defined as a “mature start-up.” A place where interdepartmental exposure, open doors, and genuine collaboration is ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are. We’re engineering for the future of retail, and it’s no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip smart colleagues who will press you daily for your very best, you’ll find that virtually nothing’s impossible at Ulta Beauty.

Requirements

Bachelor’s degree in Computer Science, or related.
Five (5) years in any occupation with development or related experience.
Three (3) years development experience including scripting with Powershell, Python, YAML, WebService APIs.
Google Cloud Platform services, ensuring security and compliance data and workloads, including implementing IAM permissions in a least-privileged, yet scalable manner.
Cloud CSPM tools (Palo Alto Prisma Cloud) to detect, notify, and remediate security misconfigurations.
Experience integrating code scanning for vulnerabilities into CI/CD pipelines for Cloud Native deployments.
Experience with AD group structuring, Google Cloud Directory Sync (GCDS), and SAML 2 federated authentication.
Experience implementing architectural big data security patterns in a scalable and consistent manner.
Experience applying industry standard cyber security frameworks and vendor blueprints to business problems.
Technical and non-technical documentation including security standards, policies, guidelines, procedures, change documentation, enterprise end-user communications, technical knowledge articles, infrastructure diagrams, and process charts.
Security risks associated with SaaS services, their integration with legacy on-premise systems, and commonly associated security solutions.
Experience performing enterprise security risk assessments, selecting appropriate technical controls, liaising with business partners through the project lifecycle, and complete risk-acceptance handling of residual risks.
Experience designing, documenting, and implementing reusable security patterns.

Nice To Haves

Master’s degree in Computer Science, or related and three (3) years in any occupation with development or related experience.

Responsibilities

Develops procedures and documentation for applications support.
Manages application enhancements to improve business performance.
Advises on application security, licensing, upgrades, backups, and disaster recovery needs.
Ensures that all requests for support are dealt with according to set standards and procedures.
Analyzes business processes; evaluates alternative solutions, assesses feasibility, and recommends new approaches, typically seeking to exploit technology components.
Evaluates the financial, cultural, technological, organizational and environmental factors which must be addressed in the change program.
Develops business requirements for the implementation of significant changes in organizational mission, business functions and process, organizational roles and responsibilities, and scope or nature of service delivery.
Ensures that the business processes and information required to support the organization are defined and devises appropriate standards, processes and data architectures.
Evaluates the impact of any relevant statutory, internal or external regulations on the organization's use of information and develops strategies for compliance.
Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services.
Ensures that such problems are fully documented within the relevant reporting system(s).
Leads the development of problem solutions.
Coordinates the implementation of agreed remedies and preventative measures.
Evaluates patterns and trends.
Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans.
Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to.
Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management.
Contributes to the development and enhancement of customer and stakeholder relationships.
Partners with technical and non-technical team members to assess security risk in business solutions, across varied systems and landscapes.
Recommends, develops, deploys, and monitors appropriate mitigating controls.
Documents and socializes residual risk.
Collaborates with cloud experts and cloud novices through an infosec modernization of our cloud-native compute and data analytics platforms that rises to meet current threats.
Identifies analytical points of interest in raw data exports from security tooling and infrastructure systems, merging with other data sources, and build repeatable reports for management consumption.
Develops and deploys automated solutions to monitor, alert, and remediate security and compliance findings in public cloud infrastructure and deployed code.