Staff Infosec Engineer

About Gap Inc.

Our past is full of iconic moments — but our future is going to spark many more. Our brands — Gap, Banana Republic, Old Navy and Athleta — have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.

But we’re more than the clothes that we make. We know that business can and should be a force for good, and it’s why we work hard to make product that makes people feel good, inside and out. It’s why we’re committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us. 

About the Role

We are seeking an experienced DevSecOps Strategist to join GAP Inc.’s cybersecurity team. In this role, you will be responsible for integrating security practices into the DevOps pipeline, ensuring that our applications and infrastructure are secure from development through deployment and beyond. You will work closely with product teams to address security needs, manage engineering tasks, handle incidents, and provide support in a hybrid cloud environment.

What You'll Do

• Ensure security is embedded throughout the Software Development Life Cycle (SDLC) from design to deployment.
• Develop and implement automated security testing and compliance checks within CI/CD pipelines.
• Identify, evaluate, and address security risks and vulnerabilities in software and infrastructure.
• Continuously monitor systems for security breaches and respond promptly to incidents.
• Create and enforce security policies and procedures to protect organizational assets.
• Work closely with development, operations, and security teams to foster a culture of security.
• Educate team members on security best practices and their roles in maintaining security.
• Ensure all processes comply with relevant security standards and regulations.
• Keep up-to-date with the latest security trends, threats, and technologies.

Who You Are

What are we looking for ?

• Bachelor s degree in related filed, to include computer science, or equivalent combination of education and experience
• Minimum of 8 years in DevSecOps or related fields, with a strong background in integrating security into DevOps practices.
• Proficiency in security tools and technologies, including threat modeling, risk assessment, and vulnerability management.
• Extensive exposure to Container Security, Securing IaC, CSPM, Secret Scanning & API Security.
• Hands on experience in Prisma Cloud, Hashicorp Vault Radar, Noname and other similar tools.
• Strong coding and scripting abilities in languages such as Python, Java, or Ruby.
• Experience with cloud security principles and tools, including secure architecture design and configuration management.
• Familiarity with automation tools and practices, particularly in the context of security.
• Excellent communication skills to effectively collaborate with cross-functional teams.
• Ability to adapt to rapidly changing security landscapes and emerging threats.
• Keen attention to detail to ensure thorough and accurate security assessments and implementations.
• Relevant certifications such as Certified DevSecOps Engineer (CDSE), CISSP, or equivalent.

• Leads with a Growth Mindset.
• Cultivates a Trusting Environment.
• Drives what Matters.
• Works with a 'One Team' Approach.

Benefits at Gap Inc.

• One of the most competitive paid time off plans in the industry
• Comprehensive health coverage for employees, same-sex partners and their families
• Health and wellness program: free annual health check-ups, fitness center and Employee Assistance Program
• Comprehensive benefits to support the journey of parenthood
• Retirement planning assistance
• See more of the benefits we offer.