Cloud DevSecOps Lead

The Estée Lauder Companies (ELC) Inc. is a Fortune 500, multinational manufacturer and marketer of prestige skincare, makeup, fragrance and hair care products, headquartered in New York City. As the global leader in prestige beauty, we touch over half a billion consumers a year.  The company owns a diverse portfolio of brands, distributed internationally through both digital commerce and retail channels. The Estee Lauder Companies has a Cloud DevSecOps Lead position within the Global Cloud Platform Organziation (internal name of the position: Director, Cloud DevSecOps Lead).  This position is responsible for cloud security design, implementation and enforcement. The Cloud DevSecOps Lead will also collaborate with Enterprise Architecture, Infrastructure, Networking, Security and AppDev teams to provide input for developing, communicating, and managing IT strategic security intiaives, policies and standards required to support the company's business vision, strategies, and operational plans. The Cloud Platform DevSecOps Lead will work closely with internal stakeholders, including Security, Legal, Compliance, IT, Brands, Regions, and Functions to architect cross-organizational solutions that adhere to ELCs security standards.  You will be passionate about technology that will enable business transformation, engineering culture, and have significant experience energizing and coordinating technology organizations across multiple locations. Technical Competencies                                                                       

• Support operational readiness reviews and help with enforcing security requirements within projects and the Software Development Lifecycle (SDLC).
• Experience with shift-left/fail-fast security mechanisms with focus on fast yet reliable security testing.
• Assist with vulnerability response by performing analysis, determining scope and impact, and assisting with remediation of identified vulnerabilities
• Proactively look for opportunities to automate every aspect of the application and security lifecycle
• Support application team as well as development teams to design and implement processes and/or tools for secure code reviews and security testing
• Assist in developing application specific threat models to identify security flaws and provide guidance on application specific risks and controls.
• Integrating security tools, configurations, and testing into Continuous Integration/Continuous Delivery (CI/CD) pipelines in an Agile environment
• Help team in maintaining and using application security tools such as code scanning and code review tools, application vulnerability scanners, etc
• Coordinate and support security audits and assessments to evaluate policy compliance and existing defenses and to identify vulnerabilities.
• Strong knowledge of cloud security controls including tenant isolation, encryption at rest, encryption in transit, key management, vulnerability assessments, and application firewalls
• Effective in analyzing and developing options to balance business needs with security vulnerabilities
• Ability to script or program in one or more language (e.g. Perl, Python, .Net, or Java).
• Experience with DevOps style automation, infrastructure as code and Continuous Delivery techniques.
• Experience with DevSecOps in a Public Cloud environment.

• Develop and lead the evangelization of an application and data protection strategy to support strategic initiatives in application modernization, DevSecOps, artificial intelligence as well as multi-cloud adoption.
• Provide training and guidance to empower teams and instill a culture of DevSecOps
• Provide functional or technical expertise and consultation to IT management, users, and technical staff for solutions to business needs
• Delegate, coach, coordinate and lead co-workers and project team members.                 
• Monitor and support the knowledge transfer process for new team member.

• Understands the art of the possible, compares various architectural options based on feasibility and impact and proposes actionable plans
• Demonstrated strong analytical skills and technical problem-solving skills
• Ability to balance what is strategically right with what is practically realistic
• Proactive approach to identifying issues and presenting solutions and options, and where appropriate, leading to resolution

• Partner with Strategic Vendors, DevSecOps, Risk, Enterprise Architecture & Directory Services team to define and implement new required infrastructure, services & best practices.
• Work with project managers, infrastructure engineering teams, application architects and/or cloud ops teams to resolve issues which arise within project; drives project’s progress and critical success factors.
• Engage with Strategic Business Partners, business leads and brands, application architects, and development team to help take business needs and deliver IT solutions while maintaining security best practices.