AppSec Jobs

SEPHORA

CDI - Cloud Security Engineer (M/F/X)

Paris, Île-de-France, France

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About SEPHORA

Sephora is a leading French beauty retailer founded in 1969 by Dominique Mandonnaud. Originally a perfumery, it was renamed Sephora in 1993 and has since grown into a global brand, operating over 2,700 stores in 34 countries. Owned by LVMH since 1997, Sephora is valued at approximately $6.3 billion. The company is known for its innovative "assisted self-service" shopping experience, allowing customers to test products before purchasing. This approach, combined with knowledgeable staff and an open-sell format, sets Sephora apart from traditional cosmetics retailers. Sephora offers a wide range of prestige beauty products from nearly 500 brands, including its own Sephora Collection. Product categories include fragrance, makeup, skincare, haircare, and feminine hygiene products. The retailer caters to beauty enthusiasts and consumers looking for variety and discovery in a welcoming shopping environment.

Industry

retail

Employees

48,000

425 engineers

Revenue

$17B


Security at SEPHORA

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

Information not publicly available. Public materials provide evidence of a Vulnerability Disclosure Program but do not include public statements regarding the AppSec mission, developer enablement approach (e.g., 'paved road'), or specific risk philosophy.

Security Team

John Byun serves as the VP & CISO at Sephora. While broader security hiring is active with approximately 74 security-related job openings in the United States as of April 2026, specific details regarding the Application Security team's internal reporting lines, organizational model (centralized vs. embedded), and exact team size are not publicly available.

Key Initiatives

Sephora maintains a Vulnerability Disclosure Program (VDP) and has implemented a bug bounty program via HackerOne. A vendor case study noted that the security team identified 55 vulnerabilities, with 11 confirmed as true positives. However, there is no public evidence of a Security Champions program, specific 'Shift Left' practices in CI/CD, or detailed secure SDLC artifacts such as mandatory threat modeling or security review requirements.
