Cloud Security Engineer
OVERVIEW
Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability—and is recognized that way. We’ve been defined as a “mature start-up.” A place where interdepartmental exposure, open doors, and genuine collaboration are ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are.
We’re engineering for the future of retail, and it’s no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip-smart colleagues who will press you daily for your very best, you’ll find that virtually nothing’s impossible at Ulta Beauty.
THE IMPACT YOU CAN HAVE:
- Ulta Beauty is seeking a Cloud Security Engineer with hands-on, technical experience in securing our cloud platforms and modern application environments. This role will focus on implementing and improving cloud security controls, monitoring and responding to security findings, supporting compliance initiatives, and partnering with engineering and project teams to integrate security into cloud and application workflows.
- Ulta’s environment is primarily based within Google Cloud Platform (GCP), with a smaller Azure footprint supporting a subset of applications.
- The ideal candidate is a hands-on engineer who can solve technical security challenges across Cloud Infrastructure, IAM, data and workload protection, and DevOps (CI/CD) processes.
- Success in this role requires strong collaboration and communication skills, as you will work closely with infrastructure, platform, and application teams to improve security while enabling business objectives.
YOU'LL ACCOMPLISH THESE GOALS BY:
Cloud Security Implementation
- Implement and maintain cloud security controls across GCP and Azure environments, including projects, subscriptions, and organizational structures.
- Assist in the design, deployment, and continuous improvement of cloud security guardrails, baseline configurations, and policy enforcement mechanisms.
- Support Identity and Access Management (IAM) initiatives and operational activities, including least-privilege access, privileged account/identity management, service account governance, and identity federation in the cloud, always following zero-trust principles.
- Secure cloud services, workloads, and data platforms through configuration reviews, hardening activities, and security best practices, including but not limited to VPC Service Controls, NSGs, Cloud Storage, GKE, BigQuery, Cloud SQL, Pub/Sub, Cloud Functions, and Cloud Run.
- Support container and workload security initiatives, including hardened container image adoption, image scanning for CVEs, and secure deployment practices (DevSecOps).
- Support defining and implementing encryption, key management, and data protection practices and controls across cloud environments.
- Contribute to security automation efforts using Infrastructure as Code (IaC), scripting, and cloud-native tooling to improve operational efficiency and reduce manual processes.
- Integrate and maintain cloud-native and third-party security tools to improve visibility, posture management, threat detection, and overall security posture.
- Support the implementation of security controls within CI/CD pipelines, including vulnerability scanning, secrets detection, and policy validation (DevSecOps).
- Assist development teams with secure cloud architecture patterns and application deployment practices.
Monitoring & Incident Response
- Monitor and tune cloud security alerts, vulnerabilities, and findings from cloud-native (GCP SCC, MS Defender for Cloud) and third-party security tools (Prisma Cloud, Wiz).
- Investigate suspicious activity, misconfigurations, exposed secrets, and potential security incidents within cloud environments.
- Support incident response activities involving cloud resources, identities, workloads, applications, and data.
- Perform root cause analysis and recommend remediation actions following security events.
- Validate remediation efforts and help improve monitoring coverage based on lessons learned from incidents and investigations.
Compliance & Risk Management
- Support cloud security assessments and control reviews against established security frameworks and organizational standards (CIS, NIST 800-53, PCI-DSS).
- Assist with vulnerability management activities, including identification, prioritization, remediation tracking, and validation.
- Participate in cloud security posture reviews and continuous improvement initiatives using CNAPP and CSPM technologies.
- Support audit requests, evidence collection, and documentation activities related to cloud security controls.
- Execute security assessments on cloud workloads, data storage, network segmentation, and CI/CD processes.
Collaboration & Support
- Partner with infrastructure, platform, application development, and security teams to promote secure cloud adoption and DevSecOps best practices.
- Provide guidance on secure cloud architecture, infrastructure-as-code, identity management, and cloud-native services.
- Assist development teams in identifying and remediating cloud and application security issues throughout the SDLC.
- Contribute to the development of cloud security standards, procedures, technical documentation, and operational runbooks.
ESSENTIALS FOR SUCCESS:
- 3+ years of experience in cloud security, cybersecurity, cloud engineering, DevSecOps, or a related technical field.
- Hands-on experience with Google Cloud Platform (GCP) security services and concepts.
- Experience securing cloud workloads, identities, applications, and data services.
- Familiarity with cloud security monitoring, vulnerability management, and incident response processes.
- Understanding of security fundamentals including IAM, encryption, logging, threat detection, vulnerability management, and secure application deployment practices.
- Familiarity with application security concepts such as secrets management, dependency scanning, vulnerability remediation, or secure coding principles.
- Strong analytical, troubleshooting, and communication skills, and the ability to work effectively with technical and non-technical stakeholders.
PREFERRED QUALIFICATIONS:
- Relevant cloud or security certifications such as Google Professional Cloud Security Engineer, Azure Security Engineer Associate (AZ-500), Security+, or equivalent.
- Familiarity with Palo Alto Prisma Cloud, Wiz, or similar platforms.
- Experience with container security, Kubernetes security, and secure software supply chain practices.
- Exposure to application security tools and processes such as SAST, DAST, dependency scanning, secrets detection, software composition analysis (SCA), or secure code review (e.g. SonarQube, Checkmarx, TruffleHog, Chainguard).
- Familiarity with security frameworks such as CIS Benchmarks, NIST 800-53, PCI-DSS, or ISO 27001.
- Experience with scripting or automation using Python, PowerShell, Bash, or similar languages.
- Strong troubleshooting and analytical mindset with attention to detail.
- Comfortable working in fast-moving cloud environments with minimal supervision.
- Strong communication skills with both technical and non-technical teams.
- Accountable and proactive - able to identify risks before failures occur.
The pay range for this position is $88,200.00 - $130,000.00 / Year with the opportunity for eligible associates to earn additional compensation pursuant to the Company’s bonus plan. Exact pay will be based on factors including, but not limited to, relevant education, qualifications, certifications, experience, level, shift, geographic location, and business and organizational needs. Full-time positions are eligible for paid time off, health, dental, vision, life and disability benefits. Part-time positions are eligible for dental, vision, life, and disability benefits. For additional information concerning our benefits, visit our Benefits and Career Development page: https://learn.bswift.com/ulta
ABOUT
At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest North American beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. We bring possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty’s own private label. Ulta Beauty also offers a full-service salon in every store featuring hair, skin, brow, and make-up services.
We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.