About Gap Inc.
Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.
This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to learn fast, create with audacity and lead boldly? Join our team.
About the role
GapTech Information Security is the global information security function for Gap Inc. inclusive of, and across, all Gap Inc. brands. The Security Manager (Penetration Testing)is a member of the Product Security team within GapTech Information Security, and reports to the Staff Engineer, Product Security. In this role, you will be responsible for driving a PenTest program to holistically test Gap Inc's systems and applications including E-commerce Website and stores systems for vulnerabilities and demonstrate the impact to the business through exploitation. Influences strategic direction and develops tactical plans and completes complex assignments with substantial latitude for actions or decisions. Maintains extensive contact with internal stakeholders, industry peers to identify, research, analyze and provide resolution to complex vulnerability issues. This person will work with a multi-national team of penetration testing engineers.
What you'll do
- Own and drive the penetration testing program for the Gap, Inc. Brands.
- Manage a team that performs Penetration Testing for Web Applications, Infrastructure, Network, Cloud Technologies and Mobile applications.
- Assist in PCI audit Penetration Testing for all Gap Inc brands and markets; Lead bug bounty program strategy, manage public bug bounty projects, own internal ticketing assignment and remediation reporting.
- Drive actionable metrics and reporting for operations and leadership transparency.
- Oversee the end-to-end report lifecycle from triage to resolution, including managing triage and escalation for inbound reports, managing state transitions, and tracking internal remediation tickets.
- Foster ownership, inclusiveness, accountability, pragmatism, supportive work culture and urgency in the team.
- Partner with product managers, software engineers within and outside of InfoSec to reduce vulnerabilities and improve code quality in the organization.
Who you are
- 2+ years of experience managing a PenTest team of security engineering professionals for a Globally distributed organization.
- 5+ years of experience in penetration testing, offensive security, red teaming with both manual and automated penetration testing against internal and external facing corporate infrastructures
- Ability to prioritize and manage across multiple, often time-sensitive initiatives.
- Familiar with industry-standard security best practices and multiple techniques for penetration testing
- High-level understanding of Security architecture both from a penetration testing and design point of view.
- Exceptional organizational, communication, and leadership skills.
- Self-directed, works with minimal guidance, recognizes and asks for guidance when needed.
- Effective written, verbal communication skills. Ability to tailor communication to different levels of stakeholders based on technical affinity of the audience.
Benefits at Gap Inc.
- Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
- One of the most competitive Paid Time Off plans in the industry.*
- Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
- Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
- Employee stock purchase plan.*
- Medical, dental, vision and life insurance.*
- See more of the benefits we offer.
*For eligible employees
Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. We have received numerous awards for our long-held commitment to equality and will continue to foster a diverse and inclusive environment of belonging. This year, we’ve been named as one of the Best Places to Work by the Humans Rights Campaign for the fourteenth consecutive year and have been included in the 2019 Bloomberg Gender-Equality Index for the second year in a row.
Browse all jobs