Manager, DevSecOps Engineering

关于Gap集团

我们旗下的品牌在世界上的重要鸿沟之间架设桥梁。Old Navy让时尚触手可及，确保每个人都能获得价廉物美的时尚单品。Athleta致力于释放每一位女性的潜能，不论身材、年龄或种族。Banana Republic相信可持续的奢华体验属于每个人。Gap更是启发了全世界，让所有人通过认真制作的现代服饰必备品展现其独特个性。    

这一简单的想法——即每个人都需要以自己的方式获得归属感——是我们作为一间公司以及制定决策的核心。​我们的团队由成千上万名来自世界各地具有冒险精神、全局视野并为顾客、社区和地球行善的员工组成。如果你具备全局视野，快速学习、无畏创新、大胆领导等品质，欢迎加入我们。

About the Role

In this role, you will lead the strategy, design, and delivery of security engineering solutions that protect the company's assets, infrastructure, and software supply chain. You will manage a team of security and DevOps engineers, driving a culture of security-first delivery across Cloud Security, CI/CD Pipeline Security, Product Security and Infrastructure Security. You will partner closely with Engineering, Product, and Leadership to set direction and ensure the business ships software with speed and confidence.

What You'll Do

• Lead the design, development, and implementation of information security solutions across Cloud Security, Infrastructure Security & Product Security.
• Own the security strategy for CI/CD pipelines, including automated testing, SAST/DAST scanning, dependency checks, and secrets detection — providing technical advisory and governance across hybrid, multi-cloud environments.
• Drive cloud security posture management, runtime protection, and code security through industry-leading cloud security and edge protection capabilities, ensuring continuous compliance and risk reduction.
• Define and enforce security policies, standards, and best practices that balance delivery speed with a strong security posture, in alignment with regulatory and legal requirements.
• Lead automation initiatives across cloud security processes, reducing manual effort and improving consistency at scale.
• Oversee API security standards and runtime protection across services and microservices architectures.
• Manage infrastructure security controls using infrastructure-as-code and container orchestration tooling, in line with container security best practices.
• Anticipate operational and program risks, developing preventative measures and driving rapid incident response across environments.
• Translate functional security requirements into technical roadmaps, guiding your team from strategy through to execution.
• Define, track, and communicate security metrics and key performance indicators — creating actionable insights from data to inform prioritization, demonstrate delivery effectiveness, and drive continuous improvement.
• Build strong cross-functional relationships with product and engineering squads, embedding security into development workflows and acting as a trusted security advisor at the leadership level.

Who You Are

• A proven leader with hands-on depth in DevSecOps or security engineering, and the ability to inspire, grow, and manage a high-performing team.
• Demonstrate deep knowledge of infrastructure security practices, concepts, and technologies, with proficiency across cloud security capabilities and modern security methodologies.
• Experience governing CI/CD pipelines and authoring configuration management and deployment tooling across modern CI/CD platforms.
• Strong scripting and development skills across languages such as Python, Bash, Go, or Java.
• Solid understanding of cloud security concepts including network segmentation and secrets management across major cloud providers.
• Experience anticipating operational risks and driving preventative measures across complex, fast-moving engineering environments.
• A confident communicator who can translate security priorities to developers, stakeholders, and executives alike.
• Familiarity with AI and machine learning capabilities as applied to DevSecOps and infrastructure management — including AI-assisted threat detection, anomaly detection, intelligent vulnerability triage, and the use of AI-powered tooling to enhance security automation and operational insight — is considered a strong advantage.
• Background in Computer Science, Information Security, or equivalent practical experience.