Staff Infosec Engineer

About Gap Inc.

Our past is full of iconic moments — but our future is going to spark many more. Our brands — Gap, Banana Republic, Old Navy and Athleta — have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.

But we’re more than the clothes that we make. We know that business can and should be a force for good, and it’s why we work hard to make product that makes people feel good, inside and out. It’s why we’re committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us. 

About the Role

In this role, you will design, develop, and implement comprehensive data security solutions to protect our company's sensitive information. You will focus on areas such as Cloud Security, Infrastructure Security, Product Security, Defensive Engineering, and Identity and Access Management to ensure robust data protection across all platforms.

What You'll Do

• Implement and manage data security solutions, including but not limited to Cloud Security, Infrastructure Security, Product Security, Defensive Engineering, and Identity and Access Management.
• Demonstrate proficient knowledge of infrastructure standard security practices, concepts, and technologies relevant to the role.
• Manage technical requirements analysis and draft technical design specifications based on interpretation of functional requirements gathered through working with business and project teams.
• Maintain an enterprise-wide identity and access management infrastructure.
• Implement security controls governing CI/CD pipelines and provide technical advisory support across a rapidly modernizing and dynamic hybrid multi-cloud, on-prem, and retail chain environment.
• Ensure governance and compliance with legal and regulatory requirements while maintaining company Information Security policies, standards, and industry best practices.
• Drive automation of cloud security processes.
• Mentor junior Security Engineers towards achieving command of the skills necessary to perform all work-related tasks.
• Perform regular security assessments and audits to ensure compliance with security policies and standards.
• Investigate and respond to security incidents, providing detailed reports and recommendations.
• Collaborate with development and IT teams to ensure secure coding practices and system configurations.
• Maintain and update security documentation, including policies, procedures, and guidelines.
• Stay informed about the latest security threats and technologies to proactively address potential risks.
• Utilize Microsoft Purview to manage and monitor data security, ensuring protection across clouds, apps, and devices.
• Implement popular Data Security Posture Management (DSPM) solutions such as Varonis, Cyera, and Sentra to enhance data security posture management.
• Apply AI/ML training to enhance cybersecurity defenses and automate security processes.
• Integrate employee productivity AI assistants to streamline tasks and improve efficiency.

Who You Are

Who you are:

• Demonstrate knowledge of infrastructure standard security practices, concepts, and technologies relevant to the specific role.
• Demonstrate proficiency in specific security technologies, applications, standards, and methodologies.
• Strong Java/J2EE development experience; strong scripting skills.
• Experience in pipeline security, CI/CD authoring, configuration management scripts, and deployment tools.
• Ability to assess relatively complex situations and analyze data to make judgments and recommend solutions.
• Understanding of concepts and procedures specific to Information Security Engineering practices.
• Knowledge of data protection technologies such as encryption, tokenization, and DLP.
• Familiarity with security frameworks and standards such as NIST, ISO 27001, and GDPR.
• Strong analytical and problem-solving skills.
• Good communication and teamwork abilities.

Preferred

• Bachelor s degree in related filed, to include computer science, or equivalent combination of education and experience
• 10+ years of experience in Data Security, cybersecurity, or a related field
• Relevant certifications such as CEH, CompTIA Security+, or GIAC.
• Experience with security tools and platforms such as SIEM, IDS/IPS, and firewalls.
• Knowledge of cloud security and DevSecOps practices.

Benefits at Gap Inc.

• One of the most competitive paid time off plans in the industry
• Comprehensive health coverage for employees, same-sex partners and their families
• Health and wellness program: free annual health check-ups, fitness center and Employee Assistance Program
• Comprehensive benefits to support the journey of parenthood
• Retirement planning assistance
• See more of the benefits we offer.