Posted on: September 28, 2020 | Job#: 339348

Product Security Engineer

Full-time | One Harrison Street, San Francisco, CA, US 94105


We’ll send you to our application portal to get started.

About Gap Inc.

Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.     

This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to  learn fast, create with audacity and lead boldly? Join our team.

About the role

Gap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.’s five renowned brands – Gap, Banana Republic, Old Navy, Athleta, and INTERMIX. We’re looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you’ll be exposed to hands-on learning opportunities across all facets of the Gap Inc. Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry. Ready to get started?

GapTech Information Security is the global information security function for Gap Inc. inclusive of, and across, all Gap Inc. brands. The Product Security DevSecOps Engineer is a member of the Product Security team within GapTech Information Security, and reports to the Staff Engineer, Product Security. In this role, the PSEC DevSecOps Engineer will cater to the needs of the business, engage with the product, infra, and developer teams, be responsible for implementing security controls governing CI/CD pipelines, and providing technical advisory support across a rapidly modernizing and dynamic hybrid multi-cloud, on-prem and retail chain environment, ensuring governance and compliance with legal and regulatory requirements, maintain Gap Inc. Information Security policies, standards, and industry best practices.

What you'll do

  • Lead the security strategy governing the applications and cloud-based platform infrastructure.
  • Collaborate with other infrastructure, DevOps, InfoSec, and application engineers to understand the product, technology, and business needs.
  • Define and own guidance, alerts, and security as code deployments to provide protection from malicious traffic, vulnerabilities, and other attack vectors.
  • Own the management and remediation of identified security flaws within our development platforms.
  • Architect procedures to automate security tasks that seamlessly integrate into code builds and deployments.
  • Build security utilities and tools for internal use that enable the DevSecOps team to operate at high speed and wide scale.
  • Develop, document, and maintain security and compliance capabilities in support of DevOps processes.

Who you are

  • Hands-on experience in deploying and securing cloud resources using ARM templates, Terraform etc.
  • Experience in writing Automation runbooks for monitoring and alerting in Azure and OCI workloads.
  • Experience in managing and securing DevOps products like Azure DevOps, Circle CI, CodeFresh is a plus.
  • Experience with SIEM, IPS/IDS, security operations, incident analysis, incident handling, vulnerability management or testing, log analysis.
  • Hands-on experience in implementing and operating modern SDLC stack tooling (SAST/SCA/DAST/IAST).
  • Experience in implementing and securing Kubernetes, Helm, Envoy Proxy, Istio workloads. AquaSec, PortShift or similar product experience is a plus.
  • Experience in Programming or scripting with a popular modern language utilized by the above tools (Java, Python, Ruby, etc.).

Notice to applicants in San Francisco: Gap Inc. and its related brands will consider for employment, qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance. The Fair Chance Ordinance is provided here: English Spanish Chinese Tagalog

Benefits at Gap Inc.

  • Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
  • One of the most competitive Paid Time Off plans in the industry.*
  • Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
  • Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
  • Employee stock purchase plan.*
  • Medical, dental, vision and life insurance.*
  • See more of the benefits we offer.

*For eligible employees

Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. We have received numerous awards for our long-held commitment to equality and will continue to foster a diverse and inclusive environment of belonging. This year, we’ve been named as one of the Best Places to Work by the Humans Rights Campaign for the fourteenth consecutive year and have been included in the 2019 Bloomberg Gender-Equality Index for the second year in a row.


We’ll send you to our application portal to get started.

Browse all jobs

Recently Viewed