Ulta Beauty · 3 days ago
Sr IT Engineer Cloud Security
Bolingbrook, IL
Full-time
Hybrid
Senior Level
$103K/yr - $145K/yr
5+ years expUlta Beauty is the largest North American beauty retailer and a premier destination for beauty products and services. They are seeking a Senior Cloud Security Engineer to automate and enforce cloud security across their GCP ecosystem, implementing scalable security controls and integrating security into CI/CD pipelines to protect data and workloads.
BeautyConsumer GoodsCosmeticsRetail
Responsibilities
Configure, deploy, and maintain data and infrastructure security controls across GCP and Azure environments (projects, folders, and org-level)
Design and enforce Identity and Access Management (IAM) configurations — roles, service accounts, and permissions — following least-privilege and zero-trust principles
Implement network security measures such as firewall rules, VPC Service Controls, Private Service Connect, and secure interconnects to safeguard data in motion
Secure GCP and Azure services including Cloud Storage, GKE, Cloud SQL, Pub/Sub, Cloud Functions, and Dataflow with a focus on data confidentiality and workload isolation
Implement data encryption and key management strategies using Cloud KMS, CMEK, and HSM integrations
Automate configuration baselines, guardrails, and policy enforcement using Terraform, Cloud Build, or Deployment Manager
Integrate cloud-native security tools (Security Command Center, Cloud Logging, Cloud Monitoring) for visibility, compliance, and anomaly detection
Develop automation scripts and tooling (Python, PowerShell, Go) to detect, notify, and remediate misconfigurations or security drift
Build and maintain CI/CD integrations for vulnerability scanning, policy validation, and data protection controls
Use APIs and SDKs to connect cloud security data to central logging, SIEM, or analytics platforms (Chronicle, Splunk, Elastic)
Implement automated workflows for security posture management, access reviews, and incident response
Configure and tune alerts from CSPM tools (e.g., Prisma Cloud, Wiz) and GCP-native monitoring solutions for network and IAM anomalies
Respond to cloud-related security incidents, including unauthorized access, network exposure, or data exfiltration attempts, by isolating resources and applying remediation
Develop and maintain detection logic and dashboards to visualize network flows, IAM changes, and workload health
Participate in post-incident reviews to strengthen controls for IAM, encryption, and workload security
Execute security assessments on cloud workloads, data storage, network segmentation, and CI/CD processes
Enforce compliance baselines (CIS, NIST 800-53, Google Blueprint standards) through automated policy checks and reporting
Document security controls, policies, and exceptions with clear technical evidence and audit readiness
Evaluate and report on data security risks, IAM misconfigurations, and network exposure across cloud environments
Partner with DevOps, Infrastructure, and Application teams to embed security into pipelines, networks, and workloads
Provide technical guidance on secure networking, identity federation, workload segmentation, and encryption
Support operational troubleshooting for GCP IAM, firewall rules, policy enforcement, and resource access issues
Participate in on-call rotations or off-hours support for security incidents, vulnerability patching, and data protection reviews
Qualification
Required
5+ years of experience in cloud security engineering, cloud operations, or DevSecOps (GCP preferred)
Hands-on GCP expertise with strong understanding of IAM, networking, KMS, audit logging, and policy enforcement
Strong scripting proficiency in Python, PowerShell, or similar languages
Experience automating with Terraform, Cloud SDK, or GCP API integrations
Familiarity with CI/CD tools (Jenkins, GitLab, Cloud Build) and integrating security scanning (e.g., Snyk, Trivy)
Experience with CSPM solutions (Prisma Cloud, Wiz, Orca) and log analysis tools (Chronicle, Splunk, or Elastic)
Working knowledge of federated identity, SAML, and Google Cloud Directory Sync (GCDS)
Strong understanding of cloud security frameworks (CIS GCP, NIST CSF, ISO 27001)
Strong troubleshooting and analytical mindset with attention to detail
Comfortable working in fast-moving cloud environments with minimal supervision
Excellent communication skills with both technical and non-technical teams
Highly accountable and proactive — able to identify risks before failures occur
Preferred
Google Cloud Certified - Professional Security Engineer
ISC² CISSP or CCSP
ISACA CISM, CISA, or equivalent
Experience with container security (GKE, Artifact Registry, or Cloud Run)
Benefits
Paid time off
Health
Dental
Vision
Life and disability benefits
Company
Ulta Beauty
Ulta Beauty is a beauty retailer that offers a wide range of products including cosmetics, fragrances, skincare, and hair care.
10001+ employees
H1B Sponsorship
Ulta Beauty has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2020 (9)
Funding
Current Stage
Public CompanyTotal Funding
$266.3MKey Investors
Berkshire HathawayDimensional Fund Advisors
2024-08-14Post Ipo Equity· $266.3M
2016-10-11Post Ipo Equity
2007-10-25IPO
Leadership Team
Chris Lialios
Interim Chief Financial Officer
Kecia Steelman
President & Chief Operating Officer
Recent News
2026-01-06
Global Cosmetic Industry Magazine
2026-01-06
Company data provided by crunchbase