Sephora Cloud Security Engineer

Overview

Sephora is a global beauty retailer and a leading brand within the LVMH group, combining retail excellence with digital innovation. As an employer, Sephora promotes creativity, customer-centricity and rapid iteration across commercial, digital and technology teams, offering opportunities to work at the intersection of fashion, beauty and tech.

Role & Responsibilities

• Lead cloud security strategy across design, architecture, implementation, hardening, best practices and reporting for cloud platforms.
• Collaborate with cloud architects and platform teams to define and operate a secure cloud foundation.
• Support application and product teams in defining and implementing security requirements and remediation plans.
• Define, document and continuously improve Cloud security standards and contribute to compliance initiatives.
• Automate security controls (configuration audits, alerting, monitoring, remediation and reporting) and industrialize them via IaC and CI/CD pipelines.
• Develop scripts and tooling to strengthen SecOps capabilities and operationalize detection and response.
• Deploy and operate CSPM and other continuous risk visibility solutions to assess cloud posture and drive remediation.
• Assess cloud security risks, quantify business impact, propose prioritized action plans and assist in their implementation.
• Participate actively in cloud-related security incident response and post-incident remediation.
• Maintain continuous awareness of emerging cloud-security technologies, threats and industry best practices.

Qualifications

• Mandatory: proven hands-on experience with Google Cloud Platform (GCP).
• Minimum five years of experience in cloud security, platform security or DevSecOps roles.
• Advanced proficiency with Terraform and Infrastructure as Code (IaC) practices.
• Strong experience with CI/CD tooling and source control (Git, GitHub, Bitbucket).
• Solid understanding of cloud security concepts: VPC, firewall rules, IAM, cryptography, WAF, secrets management, logging and monitoring.
• Experience with CSPM solutions (examples: Wiz, Prisma Cloud, Defender for Cloud) and cloud risk management.
• Scripting proficiency (Bash, PowerShell, Python) and operational experience on Linux/Unix and Windows.
• Familiarity with SAST tools (SonarQube, Checkmarx, Snyk Code) and DevSecOps practices is an asset.
• Knowledge of security assessment frameworks and benchmarks (OWASP, OSSTMM, CIS Controls/CIS Benchmarks) and data protection/privacy regulations is a plus.
• Google Cloud Architect or Google Cloud Security Engineer certification is a strong advantage.

Skills

Experience

Minimum five years of professional experience in cloud security, platform security, or DevSecOps with demonstrable hands-on experience on Google Cloud Platform. Additional experience on Azure is a plus.

Education

Bachelor's degree in Computer Science, Cybersecurity, Engineering or equivalent practical experience.

Workplace

Benefits

Training and ongoing employee development programs, career support and mentoring.

Culture

Sephora fosters a creative, fast-moving and collaborative environment rooted in retail and digital innovation. As part of the LVMH family, the company emphasizes experimentation, personal development and cross-disciplinary teamwork to reimagine the future of beauty.

About Cerulean

Cerulean is the definitive career portal for the global luxury industry. We match exceptional professionals with exclusive opportunities at the world's most prestigious brands. From haute couture and fine watchmaking to prestige beauty, hospitality, and boutique retail, Cerulean centralises luxury employment to help you find the career for which you were destined.