The Lead, ECR Security Engineer for Network and Cloud is responsible for secure development and maintenance of Estee Lauder's cloud systems. This will encompass supporting security assessments of infrastructure and applications, and defining security standards, developing and implementing security controls using Agile and DevSecOps frameworks.
This position will directly contribute to the overall global enterprise cloud architecture. This role will also provide security solutions around cloud-based applications, Infrastructure, Platform, and Software as a Service (IaaS/PaaS/SaaS). With the move to the cloud comes an extension of the ELC network. This role is also responsible for best-in-class engineering capabilities for network security. Must have excellent track record and proven ability to produce effective, innovative solutions on an enterprise scale. Constantly evaluating the evolving IT industry to be on top of the latest innovations in IT and performing fit-analysis of new technologies, sharing the same with ECR leadership.
•Develops and executes strategies, policy and guidelines to increase Network and Cloud Security knowledge throughout the enterprise •Leads network security “run” configurations (whether done in house, by IAAS provider, or third party provider), and ensures firewall auditing is conducted on a regular basis for security purposes •Designs cloud security reference architectures (SaaS, PaaS and IaaS deployments) and associated security principles to support business projects including necessary integration points across ECR •Supports assessments of key security controls for the company's cloud-based business applications and remediate security gaps conducted by the Senior Technical Director of Application Security •Builds template plans to assist with application migrations into different cloud deployment models including IaaS, PaaS and SaaS •Evaluates, designs and implements new cloud technology and processes to mature cloud security controls •Designs and integrate consistent security solutions across on premise and cloud environments for domains like Vulnerability Management, Endpoint Security, Data Security, Network Security, Identity and Access management etc. •Designs and develop security architectures for public (Azure, AWS, GCP) and hybrid clouds •Champions a DevSecOps security model so that security is automated and elastic across all platforms •Works with Engineering, Infrastructure Services, and Application Development organizations to choose appropriate technology solutions and facilitates complete integration into the application environments •Assists with implementation of IDaaS rollout to selected corporate SaaS applications and partners with the Head of Digital Identity to extend IAM capabilities to those applications •Supports CASB to enforce several different security controls, including access control, encryption, and device profiling •Evaluates and leverages server-less technology to automate security monitoring and incident response •Ensures enforcement of configurations, and enables Cybersecurity Threat Management Center (CTMC) monitoring of security on systems deployed in the cloud •Participates in the review of design principles and controls relating to third party cloud solution providers •Keep informed of new and emerging cloud security threats, security frameworks and regulations •Facilitates deployment orchestration and automation with a focus on security with tools such as Jenkins, Spinnaker, Puppet, Chef, Terraform, Azure DevOps etc.
•A minimum of 7+ years of experience with a mix of Security, Infrastructure, Network and Cloud experience, preferably with system admin/engineer background •Extensive experience of enterprise security solutions and best practice controls for infrastructure and network, and including logging and application architectures •Strong technical security skills in multiple areas, e.g., application security, data security, network security, infrastructure security, cloud security and cryptography •Strong knowledge of cloud security, public cloud, hybrid cloud, private cloud, IaaS, SaaS, PaaS environments •Demonstrated experience with one or more cloud technologies: Microsoft Azure, and AWS. Knowledge of Google Cloud Platform and Microsoft Office 365 is a plus •Experience automating tasks in the cloud, particularly security automation (e.g. ansible, Jenkins, API integration, scripting language, Server less technology, etc.). •Proficiency with scripting (Power shell for Azure and working with the AWS Command-line) •Sound knowledge of enterprise security concepts/frameworks and products, secure design principles and patterns •Ability to visualize, articulate and solve complex technical problems •Ability to work with legal, risk, and IT teams on RFPs, and to define contract terms and SLA's to ensure security is properly embedded in cloud services leveraged across ELC
Job: Information Technology
Primary Location: Americas-US-NY-Long Island City
Job Type: Standard
Shift: 1st (Day) Shift
Job Number: 1923140
We are an equal opportunity employer. Minorities, women, veterans, and individuals with disabilities are encouraged to apply. It is Company's policy not to discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, protected medical condition as defined by applicable state or local law, genetic information, or any other characteristic protected by applicable federal, state, or local laws and ordinances. The Company will endeavor to provide a reasonable accommodation consistent with the law to otherwise qualified employees and prospective employees with a disability and to employees and prospective employees with needs related to their religious observance or practices. Should you wish to apply for this position or any other position with the Company and you believe you require assistance to complete an application or participate in an interview, please contact USApplicantAccommodations@Estee.com.
Apply on company website