Product Security Engineer

Full Time
San Francisco, CA

Gap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.’s five renowned brands – Gap, Banana Republic, Old Navy, Athleta and INTERMIX. We’re looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you’ll be exposed to hands-on learning opportunities across all facets of the Gap Inc. Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry. Ready to get started?

The Product Security Engineer reports to the Director of Product Security. In this role, the Engineer will work closely with technical peers across all of GapTech to ensure that all of our customer developed platforms and technologies protect all Gap Customer and Employee Data analyzed, captured, processed, and/or stored. The Engineer will also be key to enabling security self-sufficiency across our DevOps organization by helping establish local programs such as the Security Champions, Security University, and Application Security.

Key Duties
  • Engages with the Business and DevOps partners using a consultative & partnering approach
  • Establishes and maintains the local Security Champions program to enable business agility and improve the overall application security posture of GapTech products
  • Engages with business partners on projects to assess for security risk and help deliver secure solutions via threat modeling, code review, penetration testing, and enforcing the secure development lifecycle
  • Assists with the implementation and execution of the application security program in collaboration with Business and DevOps partners
  • Actively participates in the creation of the Security University curriculum for internal InfoSec employees and business partners
  • Stays abreast of trends and advances in IT/security solutions and monitors changes in the operating environment that affect information security
  • Presents security updates, recommendations, and strategic opportunities to local leadership
  • Develops relationships with local business leaders, challenging status quo on security matters
  • Provides advice on a broad range of security items and strategies
  • Web application security experience including OWASP Top 10 vulnerabilities, browser security, JavaScript security, and rich web safety
  • Deep understanding of web application attacks including SQLi, XSS, XXE, and other common security issues
  • Creating and delivering usable introductory to advanced training to other engineers on security practices
  • Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application-level protocols
  • Demonstrated programming ability in C, C++, Java, PHP, JavaScript, Python, Perl, and other languages
  • Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.
  • Experience working in a risk-based environment including mitigation, planning and implementation
  • Operational flexibility in modifying business and operating practices to adapt to a changing environment
  • Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures
  • Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
  • Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
  • Proven success working across organizational and geographic boundaries
  • Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001 
  • Bachelor’s in Computer Science, Engineering or related technical field and 2 
  • Minimum 3 years experience in an information-security related occupation

Gap Inc.

Doris and Don Fisher opened the first Gap store in 1969. The reason was simple. Don couldn’t find a pair of jeans that fit.

They never expected to transform retail. But they did.

Guided by humility, compassion and a strong desire to win, the Fishers grew their company thoughtfully. Customers responded.

Today, Gap Inc. is a leading international specialty retailer with five brands – Gap, Banana Republic, Old Navy, Athleta and INTERMIX – almost 3,200 stores and more than 150,000 employees.

We’re growing globally, and just within the last few years, we opened our first stores in China and Italy. We're expanding online shopping to customers, too. Today, customers in about 90 countries can buy our products.

While many things have changed since 1969, the principles on which we were founded have stayed the same: creativity, delivering results, doing what’s right and always thinking of our customers first.

Fashion & Apparel, IT/E-Commerce, Retail, Supply Chain, Inventory Management, Design & Merchandising
Company Industry: Retail
Company Type: Public Company
Company Size: 10,001+