<p>Technology</p> <p>Join our dynamic and highly skilled Cybersecurity Engineering team, responsible for protecting critical systems and sensitive data from potential cyber threats. We are a group of passionate engineers dedicated to building secure solutions across our enterprise. Our team collaborates closely with IT, development, and business units to ensure all systems are designed and implemented with the highest levels of security. As a Principal Architect, you will play a leadership role within this team, setting security standards, mentoring junior engineers, and guiding the implementation of innovative cybersecurity practices.</p> <p>Your role at Sephora:</p> <p>The Principal Architect for Cybersecurity will be responsible for defining, designing, and implementing the organization's cybersecurity architecture and strategy. This role requires a visionary leader with deep technical expertise in cybersecurity, risk management, and emerging technologies. The Principal Architect will work closely with cross-functional teams to ensure the security of our systems, applications, and data while aligning with business objectives and regulatory requirements. This role will also collaborate with peers at LVMH, Sephora Global, and other Sephora Regions.</p> <p>Responsibilities:</p> <ul> <li>Application Security: Secure web applications from cyber threats including identifying and fixing vulnerabilities, implementing security best practices, and educating development teams on secure coding practices. </li><li>Security Architecture Design: Owns the design, implementation, and management of our organization's cybersecurity architecture. </li><li>Mentorship & Leadership: Guide and mentor security engineers, architects, and other technical professionals, fostering a strong security culture. </li><li>Cloud Security: Develop and enforce security policies and controls for cloud platforms (Azure, GCP, OCI), including IAM, encryption, and monitoring. </li><li>Innovation & Research: Stay ahead of emerging cybersecurity trends, threats, and technologies, recommending proactive security enhancements. </li><li>Incident Response & Forensics: Provide guidance on security monitoring, incident detection, and response strategies to strengthen organizational resilience. </li><li>DevSecOps & Automation: Integrate security into CI/CD pipelines, leveraging automation, Infrastructure as Code (IaC), and security-as-code principles. </li></ul> <p>We're excited about you if you have:</p> <ul> <li>15-20 years of web development and/or experience with programming languages, secure coding practices, and common web technologies. </li><li>15-20 years experience in cybersecurity, with at least 5 years in a senior architecture or leadership role. </li><li>15-20 years hands-on experience with security tools such as SIEM, EDR, WAFs, NDR, Bot Protection, IDS/IPS, and vulnerability management platforms. </li><li>15-20 years hands-on experience with website security tools such as Akamai </li><li>15-20 years strong expertise in security frameworks (e.g., NIST, PCI-DSS, CIS Controls, MITRE ATT&CK). </li><li>15-20 years strong understanding of network security, application security, identity, and access management (IAM), and data protection. </li><li>Strong analytical, problem-solving, and communication skills with the proven ability to influence stakeholders across different technology functions and various levels - from executive leadership to individual contributor </li><li>Experience with modern cloud security architectures (Azure, GCP, OCI) </li><li>Knowledge of DevSecOps practices, container security (Kubernetes, Docker), and CI/CD pipeline integration </li><li>2-4 years people management/leadership/development experience </li></ul> <p>#LI-AO1</p>