Director of Engineering Cloud Security

Pay is based on several factors which vary based on include labor markets and in some instancesmay include education work experience and addition to your pay Target cares about and invests in you as a team member so that you can take care of yourself and your family. Target offers eligible team members and their dependents comprehensive health benefits and programs which may include medical vision dental life insurance and more to help you and your family take care of your whole benefits for eligible team members include 401(k) employee discount short term disability long term disability paid sick leave paid national holidays and paid competitive benefits from financial and education to well-being and beyond at Us:

Working at Target means helping all families discover the joy of everyday life. We bring that vision to life through our values and culture.Learn more about Target here.Target is one of the worlds most recognized brands and one of Americas leading retailers. But behind the brand our guestsloveis a culture of continual innovation and right now we are up tobig things! Targets security team is a place where innovation happens daily. Interested in a culture that combines ongoing learning engineering excellence and stellar outcomes We are too thatswhy we work here. Join our team to improve Targets security and move the business forward.

As an Engineering Director on the Cloud Security teamyoulllead a team of engineers responsible for deployingoperating automating and scaling cloud security capabilities across Targets public and private cloud environments. Your team is responsible for turning requirements into running scaled and continuously improving controls including CSPMIaCscanning Kubernetes admission control SSPM secure configurationmanagement cloud workload protection and the integration of cloud security findings into Targets enterprise remediation and governance processes.

Beyond deep technicalexpertise you have a strong bias for action and a builders mindset.Cloud Security sitsbetween architectureand the engineering teams who consume it and you are comfortable operating in thatrealm translating security requirements into reliable automated developer-friendly controls; owning the day-to-day operation and continuous improvement of the platforms that enforce them; coordinating exceptions and developer-experience tradeoffs with BISO Security Architecture and product engineering; and partnering with Detection & Response Vulnerability Management and the broader Cloud Platform organization so that cloud security findings flow into the enterprise remediation lifecycle. You have the engineering credibility to lead engineers who build andoperatethis platform and the communication and partnership skills to make the controls land well across Target.

Expect to:

Lead build and develop a team of cloud securityplatform automation and governance engineers responsible for the day-to-day implementation and operation of Targets cloud security controls.

Establishgood stakeholder communication work closely with partner teams and help drive requirements while being a strong advocate of efficient and secure engineering practices.

Build and manage a team of high performing engineers and provide leadership coaching motivation and recommend staffing levels operating procedures tools and systems for the team.

Provide career development and performance management to a team of engineers.

Set the engineering culture and bar for the team code quality testing code review on-call hygiene postmortems and operational excellence.

Own the end-to-end engineering deployment configuration and ongoing operation of Targets cloud security platforms including CSPMIaCscanning Kubernetes admission control SSPM secure config management and cloud workload protection across Targets public and private cloud environments.

Operatethese platforms as production systems: owntheir availability performance observability capacity upgrade cadence and outage response with clear SLOs and on-call coverage.

Own the implementation ofIaCscanning policies in CI/CD pipelines turning architectural requirements (e.g. Rego policy) into reliable developer-friendly guardrails that fail fast and explain why.

Implement andoperateKubernetes admission controller policies across the private and public cloudfleet andown the rollout strategy that gets to enforcement without breaking developers.

Build andoperatethe capabilities that support cloud incident response in partnership with Detection & Response.

Translate policy requirements into a prioritized engineeringroadmap anddeliver against it predictably.

Drive multi-quarter initiatives end-to-end: from problem framing and scoping through design build rollout adoption and steady-state operation.

Make pragmatic build-vs-buy decisions and own the lifecycle of the cloud security tools the teamoperates: vendor relationship evaluations/POCs contract input capability adoption and sunsetting.

Drive adoption of the teams controls across Target Tech including onboarding exception/governance workflows and developer enablement.

Treat the cloud security control plane as a product: invest in automation self-service and platform thinking so controls scale with Targets cloud footprint.

Continuously reduce toil for both your team and Targets engineering organization fewer one-off tickets more paved roads better defaults faster feedback in CI/CD.

Own the developer experience of the teams controls: clear error messages documented escape hatches fast and well-coordinated exception handling and a tight feedback loop with product engineering.

Own the findings pipeline: aggregate signal from config hardening CSPMIaCand admission controller exceptions and SSPM and ship it into Targets enterprise remediation dashboardswith SLAsso product and platform teams can act.

Partner with the broader Cloud Platform organization Identity Security Network Security Data Security Detection & Response Vulnerability Management BISO and product engineering toalign onrequirements rollout plans and operational ownership.

Represent the teams work clearly to senior leadership: roadmap risk reduction operational health and tradeoffs in language tuned to the audience.

Core responsibilities are described within this job description. Job duties may change at any time due to business needs.

About You:

4-year degree OR equivalent work experience

10 years of hands-on experience in technology with deep experience in cloud security and the adjacent disciplines that make it work cloud platform engineering KubernetesIaC/CI-CD automation identity and detection/response integration

4 years managing engineering teams with a strongtrack recordof delivery in a platform infrastructure software development or security engineering context

Experience hiring growing andretainingsenior engineering talent and building team operating models from the ground up

You lead engineers not just programs:youveowned the full stack of engineering management hiring performance career growth on-call culture code review standards postmortems and operational excellence

Demonstratedtrack recordof running production platforms with clear SLOs on-call coverage change management and continuous-improvement loops

Experience driving multi-quarter roadmaps end-to-end from problem framing through rollout adoption and steady-state operation and delivering predictably against them

Comfortable making and defending pragmatic build-vs-buy decisions owning vendor relationships and tool lifecycles and knowing when to invest in custom engineering vs. lean on a platform

Demonstratedexperience leading teams thatoperatecloud security platforms at scale CSPMIaCscanning SSPM Security Configuration Management and cloud workload protection

Hands-on experience with public cloud (GCPpreferred; AWS/Azure experience also valued) and private cloud / Kubernetes environments at enterprise scale

Expertisein Kubernetes and admission controller frameworks including the rollout patterns required to move from detect to enforce without breaking developers

Strong working knowledge of infrastructure as code (Terraform and equivalent) and policy-as-code (e.g. Rego) and experience integrating policy enforcement into CI/CD

Experience building and operating findings pipelines that integrate cloud security signal into enterprise remediation/governance platforms (e.g. shipping CSPMIaC admission controller and SSPM findings to acentralized dashboardswith ownership attribution & SLAs)

Experience integrating cloud telemetry into enterprise SIEM/SOAR pipelines

Proven history of effectivelyutilizinga variety of security tools and technologies across diverse environments. The ideal candidate will not be limited to specific vendors or solutions but willpossessthe technical depth tocomprehendand implement end-to-end solutions that align withthe reference security architectures requirements

Hands-on experience integrating security tooling with developer workflows (CI/CD source control ticketing IDP/internal developer platforms) in a way that scales with a large engineering organization

Strong understanding of secure software development practices network security fundamentals and modern cloud-native architectures

Solid understanding of AI/ML and the emerging security considerations associated with it including how to enforce them through cloud security tooling

Automation-first engineering mindset with hands-on fluency in at least one general-purpose language (e.g. Python Go) anda track recordof building reusable platforms and paved roads instead of one-off scripts

Strong cross-functional partner: comfortable working closely with security architecture cloud platform identity network data security detection & response vulnerability management BISO and product engineering teams to align requirements rollout plans and operational ownership

Effective atrepresentingyour teams work risks and tradeoffs to senior leadership and equally effective explaining the same content to staff engineers in detail

Good understanding of security management workflows in large enterprise organizations and complex environments and of the current threat landscape and the challenges most organizations are facing

Working knowledge of security frameworks standards and best practices (e.g. NIST CIS Benchmarks ISO/IEC 27001) enough to align the teams controls to them without being the policy author

Excellent written and verbal communication skills with strong presentation abilities

Demonstratedcuriosity bias for action and a genuine builders mindset you want to ship the platform not just describe it

This position willoperateas a Hybrid/Flex for Your Day work arrangement based on Targets needs. A Hybrid/Flex for Your Day work arrangement means the team members core rolewill need to beperformedboth onsite at the Target HQ MN location the role is assigned to and virtuallydepending upon what your role team and tasks require for that day. Work duties cannot be performed outside of the country of the primary work location unless otherwise prescribed by Target. Clickhereif you are curious to learn more about Minnesota.