Engineer - SOC

Ulta Salon, Cosmetics & Fragrance, Inc. Bolingbrook, IL 60490

Posted 2 weeks ago

OVERVIEW

Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability, and is recognized that way. We've been defined as a "mature start-up." A place where interdepartmental exposure, open doors, and genuine collaboration are ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are.

We're engineering for the future of retail, and it's no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip-smart colleagues who will press you daily for your very best, you'll find that virtually nothing's impossible at Ulta Beauty.

THE IMPACT YOU CAN HAVE:

The Threat Intelligence Engineer will be part of the Threat Intelligence team, which is tasked with the primary mission to detect, analyze, investigate, and defend against sophisticated digital attacks. In this position, the Threat Intelligence Engineer will report to the Threat Intelligence Manager and be part of the Threat Detection and Analysis team. The Threat Intelligence Engineer will work alongside peers, actively contribute to alert triage and investigations, and provide input on different approaches to threat detection and response.

YOU'LL ACCOMPLISH THESE GOALS BY:

  • Research: Reviews and contributes to appropriate outline ideas for research, i.e. evaluation, development, demonstration and implementation. Leverages resources to gain an up-to-date knowledge of any relevant field. Reports on work carried out and may contribute sections of material of publication quality.
  • Problem Management: Undertakes and reviews actions to investigate and resolve problems in systems, processes and services. Assesses problem fixes/remedies. Assists with the implementation of agreed remedies and preventative measures.
  • Incident Management: Undertakes the identification, registration and categorization of incidents. Gathers information to enable incident resolution and promptly escalates incidents as appropriate. Maintains records and advises relevant persons of actions taken.
  • Penetration Testing: Maintains current knowledge of malware attacks and other cyber security threats. Specifies requirements for environment, data, resources and tools. Interprets, executes and analyses actions and results. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others.
  • Business Risk Management: Creates risk assessment within a defined functional or technical area of business. Maintains consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business. Refers to domain experts for guidance on specialized areas of risk, such as architecture and environment. Coordinates the development of countermeasures and contingency plans.
  • Information Security: Contributes advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Assesses and acts on vulnerability information and undertakes security risk assessments, business impact analysis and accreditation on complex information systems. Contributes to development of information security policy, standards and guidelines.
  • Innovation: Manages, monitors, and seeks opportunities, new methods, trends, capabilities and products for the advancement of the organization. Clearly articulates and formally reports potential benefits from both structural and incremental change. Promotes and motivates colleagues to share creative ideas and learn from failures.

ADDITIONAL RESPONSIBILITIES

  • Experience managing an investigation; understanding the methodologies for investigative triage, case/investigation definition, etc.

  • Application of common Cyber Security concepts including Intrusion Detection Systems, Host Intrusion Prevention Systems, and Anti-Virus Solutions

  • Understanding of the Windows File System structure, and ability to recover deleted files, search hidden files, and access registry keys

  • Knowledge of Operational Security (OpSec) principles for cyber operations with an emerging understanding of the relationships between the cyber domain disciplines

  • Ability and experience capturing and analyzing volatile (in-memory) data

  • Experience with network signature development with tools such as Snort, NetFlow, Wireshark, tcpdump or related tools

  • Experience with central log collection, indexes, searching and analysis

  • Ability to interpret logs in the context of security events/intrusions and make accurate conclusions

  • Correlate actionable security events from various log sources which either feed or supplement the Security Information and Event Management (SIEM) solution

  • Review threat data from various sources, and develop custom signatures for open source Intrusion Detection Systems (IDS) or other custom detection capabilities

  • Perform network traffic analysis

  • Employ advanced forensic tools

  • Utilize understanding of attack signatures, tactics, techniques and procedures associated with advanced threats

  • Conduct malware analysis of attacker tools providing indicators for enterprise defensive measures, and reverse engineer attacker encoding protocols

  • Interface with remote team members

ESSENTIALS FOR SUCCESS:

  • Bachelor's degree in Computer Science, a related field, or applicable work experience

  • 2-4 years of IT experience

  • Professional designation/certification,

  • Knowledge of networking protocols (such as TCP, UDP, DNS, FTP, SMTP, DHCP, etc.)

  • Knowledge of Windows operating system functionality (file system structure, registry keys, scheduled tasks, processes, services, memory management, data storage, etc.)

  • Strong communication, customer focus and leadership skills required.

  • Strong team player with proven experience and ability to collaborate with security professionals.

  • Proven experience and ability to manage problem resolution of complex or intermittent issues in a multi-vendor, integrated enterprise environment.

  • Ability to follow up, follow through and deliver timely results

  • Ability to apply advanced skill set to resolve complex problems

  • Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment

  • Strong verbal, written and presentation skills with the ability to effectively interact with internal and external business partners.

  • Solid knowledge of industry best practices and technical systems.

  • Normal office demands, ability to lift a minimum of 25 pounds.

  • Off-Hours support including 24x7 on-call required.

ABOUT

At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest North American beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. We bring possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty's own private label. Ulta Beauty also offers a full-service salon in every store featuring hair, skin, brow, and make-up services.

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.

