GENERAL SUMMARY & SCOPE
The Ulta Beauty IT Risk Management team is looking for an Application Security Engineer. This position is accountable for supporting security-related aspects of IT applications and infrastructure, with an emphasis on the external Cloud platforms. This position interfaces with associates at varying levels of the organization and works closely with project managers and Application Development / Infrastructure / Operations personnel. The overall mission of the ITRM Security Engineer is to ensure ULTA s IT environment is protected against internal and external threats and in compliance with the Sarbanes Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and all applicable state and federal privacy laws and regulations.
REQUIRED JOB SKILLS
- Business process improvement - Analyzes business processes; identifies alternative solutions, documents feasibility, and recommends new approaches. Contributes to evaluating the factors which must be addressed in the change program. Helps establish requirements for the implementation of changes in the business process.
- Information security - Contributes advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Assesses and acts on vulnerability information and undertakes security risk assessments, business impact analysis and accreditation on complex information systems. Contributes to development of information security policy, standards and guidelines.
- Application Support - Identifies and resolves issues with applications, following agreed procedures. Uses application management software and tools to collect agreed performance statistics. Carries out agreed applications maintenance tasks.
- Security administration - Receives and responds to routine requests for security support. Maintains records and advises relevant persons of actions taken. Aids in the investigation and resolution of issues relating to access controls and security systems. Investigates minor security breaches in accordance with established procedures. Assists users in defining their access rights and privileges. Performs non-standard security administration tasks and resolves security administration issues
- Requirements definition and management - Uses established techniques as directed to identify current problems and elicit, specify and document business functional, data and non-functional requirements for various subject areas with clearly-defined boundaries. Assists with implementing the processes for establishing agreed baselines for change and managing the assessment and application of requested changes to those requirements. Assists in defining acceptance tests for the specified requirements.
PRINCIPAL DUTIES & RESPONSIBILITIES (*Essential Functions)
- Responsible for all Ulta Beauty application security including user and role management with an emphasis on Cloud Application Security (Google Cloud Platform, SAP Cloud Platform, Azure, etc) and the hybrid cloud environment.
- Provide input to Architect to designing highly available and scalable systems on cloud platforms
- Develop automation and processes to quickly and rapidly deploy, manage, configure, secure and scale cloud-based systems and stacks
- Implement methodologies and systems to automate and support application deployments
- Administer security requests for internal applications such as SAP ECC, PI, BI, BOBJ, CPI, SuccessFactors, Hana database security and IBM OMS.
- Manages SAP GRC system configuration, workflow, emergency access management, User Access Reviews as well as other functions within the SAP GRC module.
- Participates in security design and development for projects for all applications.
- Identifies process improvement opportunities to streamline application security and contribute to developing a Role Based Access Control model.
- Ensure application role management meet Segregation of Duties and SoX compliance requirements.
- Maintains and enforces security policies and standards
- Participates and contributes to information security-related internal / external audits
- Performs other duties as assigned
SPECIAL POSITION REQUIREMENTS
- Knowledgeable as to IT security concepts, compliance, principles and tools
- Ability to understand business needs; ability to establish and maintain a high level of business partner trust and confidence in ITRM s concern for end users and other stakeholders
- Ability to clearly and effectively communicate both business and technical information
- Ability to follow-up, follow through and deliver timely results
- Bachelor s degree in a technical discipline (or equivalent work experience)
- Minimum of five years experience in a technology position with a broad knowledge of IT hardware and software, particularly within a SAP environment.
- Minimum of two years experience in an IT security administration / security technician or Cloud platform administration role
- Retail industry experience preferred
- Fast-paced, dynamic environment with new tasks changing daily/weekly
- Dependability is essential
Associated topics: behavioral, crime analyst, criminologist, dna, genomic, lab, medical, technical, technologist, technology