Sr Staff, InfoSec Engineer - Security Architecture

About Gap Inc.

Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.     

This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to  learn fast, create with audacity and lead boldly? Join our team.

About the Role

In this role you will be part of the Security Architecture team within Product Security. Product Security as a whole is responsible for the security of applications from conception to steady state, and within that Security Architecture is responsible for the secure design and threat modeling as well as to serve as the Security Partner for product teams. You will build relationships and collaborate with leaders, architects and senior members of technical and product teams to understand the technical & business context around applications and processes and influence decisions around maximum allowable risk and securing applications and data.

What You'll Do

• As a team we perform comprehensive security reviews for all projects within GapTech. This will include threat modeling and designing secure-by-default solutions.
• Develop and maintain deep relationships with the various teams delivering products within Gap Inc including product and engineering leaders to ensure security is built in from the start.
• Act as a key stakeholder and subject matter expert in decisions around maximum allowable risk. Collaborate with senior technical and product leads to assess when projects can proceed as is, what risks can be accepted, what investment & tooling are required to address any open security concerns, and what fundamental security building blocks in terms of technology and processes need to be put in place by GapTech.
• Work closely with teams to understand dev practices and technologies leveraged to deliver products and use that knowledge to build and recommend security controls appropriate to them.
• Create security policies and standards and enforce them.
• Assess and communicate potential security risks and make recommendations to stakeholders and leadership. Collaborate and partner with other Infosec teams to incorporate feedback early in the application lifecycle as well as influence processes in other parts of Infosec.
• Stay current with the latest security trends, threats and develop and maintain deep industry expertise to incorporate it into your work to ensure the company's applications and data remain secure.
• Providing training and education to developers and business teams on security best practices.

Who You Are

• Senior Infosec engineer with 10+ experience working as security architect or security partner with development teams. Alternately, a senior developer looking to pivot to Infosec and leverage development background to work closer with technical teams.
• Strong technical knowledge and understanding of modern web application technologes such as React, Node.js, APIs, OAuth, etc. and cloud infrastructure technologies such as Azure, GCP, Kubernetes, etc.
• Strong technical knowledge and understanding of modern web applications such as React, Node.js, APIs, OAuth, etc., cloud infrastructure technologies such as Azure, GCP, Kubernetes, etc., and data engineering platforms like Databricks and BigQuery. Additionally, proficiency and a deep understanding of risks and securing Generative AI and machine learning frameworks.
• You are an expert in AI and large language models (LLMs), with a proven track record of integrating and securing these technologies within organizations, leveraging both self-built solutions and vendor tools to drive innovation and ensure robust security frameworks.
• Strong problem-solving skills and ability to perform technical analysis at both a high and low level of detail. Ability to assess relatively complex situations and analyze data to make independent judgments and recommend solutions.
• Effective written and verbal communication skills with the ability to collaborate and interact across teams and at varying levels of management. Ability to communicate difficult concepts in a simple manner.
• Strong negotiation skills to influence decisions while working with senior technical architects and business leads.
• Ability to filter, prioritize, and organize work appropriately to meet and exceed goals.
• Aptitude to understand technical solutions and business processes quickly.

Benefits at Gap Inc.

• Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
• One of the most competitive Paid Time Off plans in the industry.*
• Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
• Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
• Employee stock purchase plan.*
• Medical, dental, vision and life insurance.*
• See more of the benefits we offer.

*For eligible employees