Sr Staff, Infosec Engineering

About Gap Inc.

Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.     

This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to  learn fast, create with audacity and lead boldly? Join our team.

About the Role

We are seeking a Security Engineer with diversified skillset to join our cybersecurity team. In this role, you will be responsible for planning & engineering our Risk Based Vuln. Prioritization, Cyber Efficiency, IoT security initiatives. You will work closely with cross-functional teams to identify, assess, and remediate vulnerabilities, and provide expert guidance on best practices and emerging threats.

What You'll Do

• Streamline organization’s Vuln. Mgmt. models to a unified risk based Vuln. Mgmt. model
• Experience in Risk based Vulnerability Prioritization and remediation
• Ensure compliance with industry standards and regulatory requirements related to vulnerability management, and develop and maintain vulnerability management policies, procedures, and best practices
• Design, develop, and implement robust security protocols for IoT devices and networks
• Conduct regular vulnerability assessments to identify security weaknesses in IoT systems
• Assess the potential impact of vulnerabilities on business operations and prioritize remediation efforts accordingly, providing recommendations for risk mitigation and security improvements
• Monitor Organization Network for any potential Zero Day Vulnerabilities/Exploits
• Ensure Rapid Response processes are rehearsed & kept up to date to handle any Zero Day Vulnerabilities or real time attacks
• Collaborate with Security Ops & Infosec leadership in developing a mitigation plan for control gaps, TTP’s, IOC’s & Threat Advisories
• Assess the potential impact of vulnerabilities on business operations and prioritize remediation efforts accordingly
• Educate and train staff on IoT security best practices and emerging threats
• Create and maintain comprehensive documentation related to IoT security protocols, incidents, and remediation efforts

Who You Are

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 9+ years of experience in IoT Security, Vulnerability Management or a related field
• Proficiency in IoT security tools and technologies, and experience with security frameworks and standards (e.g., NIST, ISO 27001)
• Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions
• Excellent written and verbal communication skills, with the ability to convey technical information to non-technical stakeholders

Benefits at Gap Inc.

• Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
• One of the most competitive Paid Time Off plans in the industry.*
• Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
• Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
• Employee stock purchase plan.*
• Medical, dental, vision and life insurance.*
• See more of the benefits we offer.

*For eligible employees