Ulta Beauty is a leading beauty retailer that emphasizes technological innovation and collaboration. The Senior Cloud Security Engineer will play a crucial role in automating and enforcing cloud security measures across the company's Google Cloud Platform ecosystem.
Responsibilities:
- Configure, deploy, and maintain data and infrastructure security controls across GCP and Azure environments (projects, folders, and org-level)
- Design and enforce Identity and Access Management (IAM) configurations — roles, service accounts, and permissions — following least-privilege and zero-trust principles
- Implement network security measures such as firewall rules, VPC Service Controls, Private Service Connect, and secure interconnects to safeguard data in motion
- Secure GCP and Azure services including Cloud Storage, GKE, Cloud SQL, Pub/Sub, Cloud Functions, and Dataflow with a focus on data confidentiality and workload isolation
- Implement data encryption and key management strategies using Cloud KMS, CMEK, and HSM integrations
- Automate configuration baselines, guardrails, and policy enforcement using Terraform, Cloud Build, or Deployment Manager
- Integrate cloud-native security tools (Security Command Center, Cloud Logging, Cloud Monitoring) for visibility, compliance, and anomaly detection
- Develop automation scripts and tooling (Python, PowerShell, Go) to detect, notify, and remediate misconfigurations or security drift
- Build and maintain CI/CD integrations for vulnerability scanning, policy validation, and data protection controls
- Use APIs and SDKs to connect cloud security data to central logging, SIEM, or analytics platforms (Chronicle, Splunk, Elastic)
- Implement automated workflows for security posture management, access reviews, and incident response
- Configure and tune alerts from CSPM tools (e.g., Prisma Cloud, Wiz) and GCP-native monitoring solutions for network and IAM anomalies
- Respond to cloud-related security incidents, including unauthorized access, network exposure, or data exfiltration attempts, by isolating resources and applying remediation
- Develop and maintain detection logic and dashboards to visualize network flows, IAM changes, and workload health
- Participate in post-incident reviews to strengthen controls for IAM, encryption, and workload security
- Execute security assessments on cloud workloads, data storage, network segmentation, and CI/CD processes
- Enforce compliance baselines (CIS, NIST 800-53, Google Blueprint standards) through automated policy checks and reporting
- Document security controls, policies, and exceptions with clear technical evidence and audit readiness
- Evaluate and report on data security risks, IAM misconfigurations, and network exposure across cloud environments
- Partner with DevOps, Infrastructure, and Application teams to embed security into pipelines, networks, and workloads
- Provide technical guidance on secure networking, identity federation, workload segmentation, and encryption
- Support operational troubleshooting for GCP IAM, firewall rules, policy enforcement, and resource access issues
- Participate in on-call rotations or off-hours support for security incidents, vulnerability patching, and data protection reviews
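As an added illustration of the detection tooling the bullets above describe (scripting to detect IAM drift, alerting on IAM anomalies, and detection logic for IAM changes), the following Python is not part of the posting or Ulta's own tooling. It parses Cloud Audit Log entries for `SetIamPolicy` calls and flags added bindings that grant public principals, broad primitive roles, identities outside the corporate domain, or service-account impersonation. The log entries, the domain `example.com`, the project name `shop-prod` and the role lists are constructed assumptions; the `protoPayload.serviceData.policyDelta.bindingDeltas` layout is the one GCP audit logs use for IAM policy changes.

```python
"""Flag risky IAM binding additions in GCP Cloud Audit Log entries (example, not production code).

Each line of input is one JSON audit-log entry, as exported from a Cloud Logging
sink. Only SetIamPolicy calls are examined, and only ADD deltas: removals reduce
privilege and are not alerted on here.
"""
import json
from dataclasses import dataclass

# Assumptions for this example (not from the posting): the org's identity
# domain and the roles treated as too broad to grant without review.
CORPORATE_DOMAIN = "example.com"  # hypothetical
BROAD_ROLES = {"roles/owner", "roles/editor", "roles/iam.securityAdmin"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


@dataclass
class Finding:
    severity: str
    resource: str
    actor: str
    role: str
    member: str
    reason: str


def classify_binding(role: str, member: str):
    """Return (severity, reason) for a newly added binding, or None if benign."""
    if member in PUBLIC_MEMBERS:
        return "HIGH", "public principal granted access"
    if role in BROAD_ROLES:
        return "HIGH", "broad role granted"
    _, _, identity = member.partition(":")
    if member.startswith(("user:", "group:")) and not identity.endswith("@" + CORPORATE_DOMAIN):
        return "MEDIUM", "principal outside corporate domain"
    if member.startswith("serviceAccount:") and role.endswith("TokenCreator"):
        return "MEDIUM", "impersonation capability granted"
    return None


def evaluate_entry(entry: dict) -> list:
    """Inspect one audit-log entry; non-IAM entries yield no findings."""
    payload = entry.get("protoPayload", {})
    if payload.get("methodName") != "SetIamPolicy":
        return []
    actor = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    resource = payload.get("resourceName", "unknown")
    deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
    findings = []
    for delta in deltas:
        if delta.get("action") != "ADD":
            continue
        verdict = classify_binding(delta.get("role", ""), delta.get("member", ""))
        if verdict:
            severity, reason = verdict
            findings.append(Finding(severity, resource, actor, delta["role"], delta["member"], reason))
    return findings


def evaluate_log(lines) -> list:
    """Run evaluate_entry over newline-delimited JSON entries, skipping blank lines."""
    findings = []
    for line in lines:
        line = line.strip()
        if line:
            findings.extend(evaluate_entry(json.loads(line)))
    return findings


def summarize(findings) -> dict:
    """Count findings by severity, e.g. for a dashboard tile or alert threshold."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample entries: an owner grant to an external user, a bucket made
# public, a benign editor-to-viewer downgrade, an impersonation grant, and an
# unrelated object read that must be ignored.
SAMPLE_LOG = """
{"protoPayload": {"methodName": "SetIamPolicy", "resourceName": "projects/shop-prod", "authenticationInfo": {"principalEmail": "admin@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/owner", "member": "user:contractor@gmail.com"}]}}}}
{"protoPayload": {"methodName": "SetIamPolicy", "resourceName": "projects/_/buckets/shop-prod-assets", "authenticationInfo": {"principalEmail": "ci@shop-prod.iam.gserviceaccount.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/storage.objectViewer", "member": "allUsers"}]}}}}
{"protoPayload": {"methodName": "SetIamPolicy", "resourceName": "projects/shop-prod", "authenticationInfo": {"principalEmail": "admin@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "REMOVE", "role": "roles/editor", "member": "group:dev@example.com"}, {"action": "ADD", "role": "roles/viewer", "member": "group:dev@example.com"}]}}}}
{"protoPayload": {"methodName": "SetIamPolicy", "resourceName": "projects/shop-prod/serviceAccounts/deploy@shop-prod.iam.gserviceaccount.com", "authenticationInfo": {"principalEmail": "admin@example.com"}, "serviceData": {"policyDelta": {"bindingDeltas": [{"action": "ADD", "role": "roles/iam.serviceAccountTokenCreator", "member": "serviceAccount:ci@shop-prod.iam.gserviceaccount.com"}]}}}}
{"protoPayload": {"methodName": "storage.objects.get", "resourceName": "projects/_/buckets/shop-prod-assets/objects/logo.png", "authenticationInfo": {"principalEmail": "web@shop-prod.iam.gserviceaccount.com"}}}
""".strip().splitlines()


if __name__ == "__main__":
    for f in evaluate_log(SAMPLE_LOG):
        print(f"[{f.severity}] {f.actor} granted {f.role} to {f.member} on {f.resource}: {f.reason}")
    print(summarize(evaluate_log(SAMPLE_LOG)))
```

In a real pipeline the same `evaluate_entry` would sit behind a Pub/Sub-triggered Cloud Function fed by a log sink filtered to `protoPayload.methodName="SetIamPolicy"`, with findings forwarded to the SIEM; the classification rules are the part that needs tuning per organization, so they are kept separate from the parsing.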
Requirements:
- 5+ years of experience in cloud security engineering, cloud operations, or DevSecOps (GCP preferred)
- Hands-on GCP expertise with strong understanding of IAM, networking, KMS, audit logging, and policy enforcement
- Strong scripting proficiency in Python, PowerShell, or similar languages
- Experience automating with Terraform, Cloud SDK, or GCP API integrations
- Familiarity with CI/CD tools (Jenkins, GitLab, Cloud Build) and integrating security scanning (e.g., Snyk, Trivy)
- Experience with CSPM solutions (Prisma Cloud, Wiz, Orca) and log analysis tools (Chronicle, Splunk, or Elastic)
- Working knowledge of federated identity, SAML, and Google Cloud Directory Sync (GCDS)
- Strong understanding of cloud security frameworks (CIS GCP, NIST CSF, ISO 27001)
- Google Cloud Certified – Professional Security Engineer
- ISC² CISSP or CCSP
- ISACA CISM, CISA, or equivalent
- Experience with container security (GKE, Artifact Registry, or Cloud Run)