UB
Senior IT Engineer - Cloud Security
Ulta BeautyDevOpsOnsite • Bolingbrook, Illinois, Remington Boulevard$102k-145kPosted 2 days ago
Job Description
At Ulta Beauty, we are dedicated to empowering our employees and fostering ongoing learning within a collaborative environment. As a recognized leader in the beauty retail sector, we pride ourselves on being a mature start-up, where interdepartmental collaboration thrives and challenges are embraced. We seek innovative minds to join our technology team as we engineer the future of retail. With a hybrid working model, we offer a competitive salary ranging from $102,900 to $145,000 per year, complemented by a bonus plan and a comprehensive benefits package including health, dental, vision, and paid time off. Join us on our mission to enhance the beauty experience across our extensive network of stores and online platforms.
- Over 5 years of experience in cloud security engineering, cloud operations, or DevSecOps, preferably with Google Cloud Platform (GCP)
- Proven hands-on expertise in GCP IAM, networking, KMS, audit logging, and policy enforcement
- Strong scripting skills in Python, PowerShell, or similar programming languages
- Experience in automation with Terraform, Cloud SDK, or GCP API integrations
- Familiarity with CI/CD tools such as Jenkins, GitLab, or Cloud Build and integrating security scanning tools (e.g., Snyk, Trivy)
- Experience with Cloud Security Posture Management (CSPM) solutions (Prisma Cloud, Wiz, Orca) and log analysis tools (Chronicle, Splunk, or Elastic)
- Knowledge of federated identity, SAML, and Google Cloud Directory Sync (GCDS)
- Strong understanding of cloud security frameworks including CIS GCP, NIST CSF, and ISO 27001
- Preferred certifications: Google Cloud Certified - Professional Security Engineer, ISC CISSP or CCSP, ISACA CISM, CISA, or equivalent
- Experience in container security (GKE, Artifact Registry, or Cloud Run)
- Excellent troubleshooting and analytical skills with a keen attention to detail
- Ability to thrive in fast-paced cloud environments with minimal supervision
- Exceptional communication abilities, effectively engaging with both technical and non-technical stakeholders
- Highly accountable, proactive, and capable of identifying potential risks before they lead to failures
- Contribute significantly to automating and enforcing cloud security across Ulta Beautys GCP ecosystem by establishing guardrails and securing workloads
- Implement and maintain scalable security controls while integrating security into CI/CD pipelines
- Automate monitoring and remediation processes to ensure data, identities, and workloads are protected within cloud environments
- Configure, deploy, and sustain data and infrastructure security controls in GCP and Azure
- Design and implement Identity and Access Management (IAM) configurations adhering to least-privilege and zero-trust principles
- Apply network security measures including firewall rules and secure interconnects to protect data in motion
- Safeguard GCP services with a focus on data confidentiality and workload isolation
- Develop encryption and key management strategies utilizing Cloud KMS and HSM integrations
- Automate configuration baselines and policy enforcement using tools such as Terraform and Cloud Build
- Integrate cloud-native security tools to enhance visibility, compliance, and anomaly detection
- Create automation scripts to detect and remedy misconfigurations or security drift
- Build and manage CI/CD integrations for vulnerability scanning and data protection
- Configure alerts from CSPM tools and GCP-native monitoring for network and IAM anomalies
- Respond promptly to cloud security incidents by isolating resources and applying necessary remediation
- Conduct security assessments of cloud workloads and enforce compliance baselines through automated checks
- Document security controls, policies, and exceptions to maintain audit readiness
- Collaborate with DevOps, Infrastructure, and Application teams to embed security within pipelines and workloads
- Provide technical support in troubleshooting GCP IAM, firewall rules, and policy enforcement
- Participate in on-call rotations for security incidents and vulnerability patching
- Over 5 years of experience in cloud security engineering, cloud operations, or DevSecOps, preferably with Google Cloud Platform (GCP)
- Proven hands-on expertise in GCP IAM, networking, KMS, audit logging, and policy enforcement
- Strong scripting skills in Python, PowerShell, or similar programming languages
- Experience in automation with Terraform, Cloud SDK, or GCP API integrations
- Familiarity with CI/CD tools such as Jenkins, GitLab, or Cloud Build and integrating security scanning tools (e.g., Snyk, Trivy)
- Experience with Cloud Security Posture Management (CSPM) solutions (Prisma Cloud, Wiz, Orca) and log analysis tools (Chronicle, Splunk, or Elastic)
- Knowledge of federated identity, SAML, and Google Cloud Directory Sync (GCDS)
- Strong understanding of cloud security frameworks including CIS GCP, NIST CSF, and ISO 27001
- Preferred certifications: Google Cloud Certified - Professional Security Engineer, ISC CISSP or CCSP, ISACA CISM, CISA, or equivalent
- Experience in container security (GKE, Artifact Registry, or Cloud Run)
- Excellent troubleshooting and analytical skills with a keen attention to detail
- Ability to thrive in fast-paced cloud environments with minimal supervision
- Exceptional communication abilities, effectively engaging with both technical and non-technical stakeholders
- Highly accountable, proactive, and capable of identifying potential risks before they lead to failures
- Contribute significantly to automating and enforcing cloud security across Ulta Beautys GCP ecosystem by establishing guardrails and securing workloads
- Implement and maintain scalable security controls while integrating security into CI/CD pipelines
- Automate monitoring and remediation processes to ensure data, identities, and workloads are protected within cloud environments
- Configure, deploy, and sustain data and infrastructure security controls in GCP and Azure
- Design and implement Identity and Access Management (IAM) configurations adhering to least-privilege and zero-trust principles
- Apply network security measures including firewall rules and secure interconnects to protect data in motion
- Safeguard GCP services with a focus on data confidentiality and workload isolation
- Develop encryption and key management strategies utilizing Cloud KMS and HSM integrations
- Automate configuration baselines and policy enforcement using tools such as Terraform and Cloud Build
- Integrate cloud-native security tools to enhance visibility, compliance, and anomaly detection
- Create automation scripts to detect and remedy misconfigurations or security drift
- Build and manage CI/CD integrations for vulnerability scanning and data protection
- Configure alerts from CSPM tools and GCP-native monitoring for network and IAM anomalies
- Respond promptly to cloud security incidents by isolating resources and applying necessary remediation
- Conduct security assessments of cloud workloads and enforce compliance baselines through automated checks
- Document security controls, policies, and exceptions to maintain audit readiness
- Collaborate with DevOps, Infrastructure, and Application teams to embed security within pipelines and workloads
- Provide technical support in troubleshooting GCP IAM, firewall rules, and policy enforcement
- Participate in on-call rotations for security incidents and vulnerability patching
More DevOps Jobs
2 days ago
DevOpsSource: DevITJobsOnsite • Washington, District-Of-Columbia, Ellipse Road Northwest$115k-125k
2 days ago
2 days ago