Sr IT Engineer Cloud Security

Ulta Beauty, Inc.-posted about 1 month ago
Full-time • Mid Level
Hybrid • Bolingbrook, IL
5,001-10,000 employees
Health and Personal Care Retailers
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability-and is recognized that way. We've been defined as a "mature start-up." A place where interdepartmental exposure, open doors, and genuine collaboration is ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are. We're engineering for the future of retail, and it's no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip smart colleagues who will press you daily for your very best, you'll find that virtually nothing's impossible at Ulta Beauty. You'll be a key contributor in automating and enforcing cloud security across Ulta Beauty's GCP ecosystem - building guardrails, securing workloads, and integrating real-time detection and remediation capabilities to keep our cloud environments safe and compliant at scale. Ulta Beauty is seeking a Senior Cloud Security Engineer with deep, hands-on experience in securing and automating workloads within Google Cloud Platform (GCP). This role is responsible for implementing and maintaining scalable security controls, integrating security into CI/CD pipelines, and automating monitoring and remediation processes to protect data, identities, and workloads across cloud environments. The ideal candidate has strong technical depth in GCP IAM, network security, and workload protection, with a focus on execution and automation, not architecture or solution design.

  • Configure, deploy, and maintain data and infrastructure security controls across GCP and Azure environments (projects, folders, and org-level).
  • Design and enforce Identity and Access Management (IAM) configurations - roles, service accounts, and permissions - following least-privilege and zero-trust principles.
  • Implement network security measures such as firewall rules, VPC Service Controls, Private Service Connect, and secure interconnects to safeguard data in motion.
  • Secure GCP and Azure services including Cloud Storage, GKE, Cloud SQL, Pub/Sub, Cloud Functions, and Dataflow with a focus on data confidentiality and workload isolation.
  • Implement data encryption and key management strategies using Cloud KMS, CMEK, and HSM integrations.
  • Automate configuration baselines, guardrails, and policy enforcement using Terraform, Cloud Build, or Deployment Manager.
  • Integrate cloud-native security tools (Security Command Center, Cloud Logging, Cloud Monitoring) for visibility, compliance, and anomaly detection.
  • Develop automation scripts and tooling (Python, PowerShell, Go) to detect, notify, and remediate misconfigurations or security drift.
  • Build and maintain CI/CD integrations for vulnerability scanning, policy validation, and data protection controls.
  • Use APIs and SDKs to connect cloud security data to central logging, SIEM, or analytics platforms (Chronicle, Splunk, Elastic).
  • Implement automated workflows for security posture management, access reviews, and incident response.
  • Configure and tune alerts from CSPM tools (e.g., Prisma Cloud, Wiz) and GCP-native monitoring solutions for network and IAM anomalies.
  • Respond to cloud-related security incidents, including unauthorized access, network exposure, or data exfiltration attempts, by isolating resources and applying remediation.
  • Develop and maintain detection logic and dashboards to visualize network flows, IAM changes, and workload health.
  • Participate in post-incident reviews to strengthen controls for IAM, encryption, and workload security.
  • Execute security assessments on cloud workloads, data storage, network segmentation, and CI/CD processes.
  • Enforce compliance baselines (CIS, NIST 800-53, Google Blueprint standards) through automated policy checks and reporting.
  • Document security controls, policies, and exceptions with clear technical evidence and audit readiness.
  • Evaluate and report on data security risks, IAM misconfigurations, and network exposure across cloud environments.
  • Partner with DevOps, Infrastructure, and Application teams to embed security into pipelines, networks, and workloads.
  • Provide technical guidance on secure networking, identity federation, workload segmentation, and encryption.
  • Support operational troubleshooting for GCP IAM, firewall rules, policy enforcement, and resource access issues.
  • Participate in on-call rotations or off-hours support for security incidents, vulnerability patching, and data protection reviews.
  • 5+ years of experience in cloud security engineering, cloud operations, or DevSecOps (GCP preferred)
  • Hands-on GCP expertise with strong understanding of IAM, networking, KMS, audit logging, and policy enforcement.
  • Strong scripting proficiency in Python, PowerShell, or similar languages.
  • Experience automating with Terraform, Cloud SDK, or GCP API integrations.
  • Familiarity with CI/CD tools (Jenkins, GitLab, Cloud Build) and integrating security scanning (e.g., Snyk, Trivy).
  • Experience with CSPM solutions (Prisma Cloud, Wiz, Orca) and log analysis tools (Chronicle, Splunk, or Elastic).
  • Working knowledge of federated identity, SAML, and Google Cloud Directory Sync (GCDS).
  • Strong understanding of cloud security frameworks (CIS GCP, NIST CSF, ISO 27001).
  • Strong troubleshooting and analytical mindset with attention to detail.
  • Comfortable working in fast-moving cloud environments with minimal supervision.
  • Excellent communication skills with both technical and non-technical teams.
  • Highly accountable and proactive - able to identify risks before failures occur.
  • Google Cloud Certified - Professional Security Engineer
  • ISC² CISSP or CCSP
  • ISACA CISM, CISA, or equivalent
  • Experience with container security (GKE, Artifact Registry, or Cloud Run)
  • Full-time positions are eligible for paid time off, health, dental, vision, life and disability benefits.
  • Part-time positions are eligible for dental, vision, life, and disability benefits.
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Cloud Security Engineer Resume Examples
Cloud Security Engineer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service