Sr Engineer IT Risk Management

OVERVIEW

Live the experience. From professional empowerment to continual learning opportunities. From ongoing investment in new and emerging technologies to a career of self-determination. At Ulta Beauty, our tech team is critical to our scalability-and is recognized that way. We've been defined as a "mature start-up." A place where interdepartmental exposure, open doors, and genuine collaboration is ubiquitous. Where challenges come fast and furious, requiring agility, mental dexterity, and creativity. Where our passion for better solutions drives us and is core to who we are.

We're engineering for the future of retail, and it's no-holds-barred. But for those motivated by continual change and ambiguity, by superior leadership, by whip smart colleagues who will press you daily for your very best, you'll find that virtually nothing's impossible at Ulta Beauty.

THE IMPACT YOU CAN HAVE:

The Ulta Beauty IT Risk Management team is looking for a Senior Identity Engineer with strong technical experience in Identity Management, privileged access, and authentication flow. The individual filling this role must be a motivated self-starter with the ability to contribute to long-term decisions affecting ULTA's business environment from an IT, Access management & Compliance perspective. This position will be a senior engineer level position with several years' experience in the retail IT environment and requires the ability to build relationships across all IT teams and many business teams. The senior engineer will be accountable for implementing and supporting authentication, authorization, multifactor, and privileged access management systems across a hybrid multi-cloud environment. Additional responsibilities include implementing and documenting process solutions for business-critical applications.

YOU'LL ACCOMPLISH THESE GOALS BY:

• Solution Architecture

• Development and implementation of authentication and authorization involving complex systems, ensuring accuracy and consistency with the specified requirements agreed with both external and internal customers. Ability to effectively adapt to rapidly changing technologies and apply them to evolving business needs.

• Privileged Access Strategy & Planning

• Manages the creation or review of an IT strategy around privileged access which meets the requirements of the business. Develops, communicates, implements, and reviews the processes which ensure that strategic management of IT is embedded in the organization's management and operational plans.

• Problem Management- Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Ensures that such problems are fully documented within the relevant reporting system(s). Assists in the development of problem solutions. Helps coordinate the implementation of agreed remedies and preventative measures. Evaluates patterns and trends.

• Quality Management

• Participates in applying appropriate quality management techniques to identify areas for improvement. Coordinates systematic remediation actions to reduce vulnerabilities and improve the quality of the systems and services, by examination of the root causes of problems.

• Relationship Management

• Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining, and working on stakeholder engagement strategies and plans. Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to.

• Research

• Investigates, plans, and identifies appropriate opportunities for publication and dissemination of research findings. Where necessary, designs data collection tools and techniques for both qualitative and quantitative data

• Business Process Improvement

• Analyzes business processes; evaluates alternative solutions, assesses feasibility, and recommends innovative approaches, typically seeking to exploit technology components. Evaluates the financial, cultural, technological, organizational, and environmental factors which must be addressed in the change program. Develops business requirements for implementing significant changes in organizational mission, business functions and process, organizational roles and responsibilities, and scope or nature of service delivery.

ADDITIONAL RESPONSIBILITIES:

• Good understanding of cloud technologies and tools, including SAML, Oauth, Conditional Access, Authentication and Authorization

• Facilitate the planning, analysis, design, development, implementation, and support the migration of on-premises federation services to Azure

• Partner with various IT teams, vendors, and/or business partners to ensure solutions align with best practices and meet business and audit requirements

• Provide technical support for implementing, troubleshooting, and maintaining password management and radius systems

• Provides process improvement opportunities to streamline application security and contributes to developing a Role Based Access Control model.

• Works closely with the business and IT to develop cost effective, operationally support solutions that meet security requirements

• Provides Root Cause Analysis and provides guidance to implement corrective actions to address root causes (especially for complex or intermittent issues)

• Provides and documents all processes surrounding identity management systems in a well-organized manner

• Remains aware of and applies industry best practices in security techniques

• Performs other duties as assigned

ESSENTIALS FOR SUCCESS:

• Bachelor's degree in computer science, a related field, or 8+ years' work experience

• Comfortable with PowerShell, and other scripting languages used for automation

• Experience with CyberArk privileged access management Preferred. Experience with CyberArk, Powerbroker, Hashi, and/or other PAM (Privileged Access Management) solutions

• 5 + years relevant hands-on experience in PAM

• Security knowledge which covers core technology infrastructure (network, storage, servers, databases, etc.) identity management and application security practice.

• Experience with Linux, Windows, Cloud scale Identity, Access Management (Single Sign-On, Multi Factor Authentication), Authorization services or design and architecture of PAM services

• Experience with and knowledge of Federation platforms or protocols such as Oauth, OpenID, SAML, WS-Fed, etc.

• Working level experience with IAM platforms such as Google Identity, Active Directory, EntraID

• Hands on experience and proficiency with Okta, Azure, GCP (Google Could Platform), and/or Cloud Technologies will be an advantage.

• Experience in consumption of Web Service APIs (Application Programmable Interface) such as JSON / XML

• Proven ability to clearly and effectively communicate (verbal and written) both business and technical information, adjusting terminology based on the audience

• Proven automation capabilities

• Ability to follow-up, follow through and deliver timely results

• Pro-active and able to drive direction of work that needs to be completed, ability to work independently on initiatives with little oversight. Motivated and willing to learn

• Strong attention to detail and advanced analytical skills

• Excellent communication and presentation skills

• Excellent organizational skills and be able to effectively prioritize multiple tasks

• Hands on experience and involvement in large and complex projects

• Participation in regular on call rotations

• Limited travel requirements, conferences / events

• Ability to provide support during off hours weekends, and peak season

ABOUT

At Ulta Beauty (NASDAQ: ULTA), the possibilities are beautiful. Ulta Beauty is the largest North American beauty retailer and the premier beauty destination for cosmetics, fragrance, skin care products, hair care products and salon services. We bring possibilities to life through the power of beauty each and every day in our stores and online with more than 25,000 products from approximately 500 well-established and emerging beauty brands across all categories and price points, including Ulta Beauty's own private label. Ulta Beauty also offers a full-service salon in every store featuring-hair, skin, brow, and make-up services.

We will consider for employment all qualified applicants, including those with arrest records, conviction records, or other criminal histories, in a manner consistent with the requirements of any applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.