Gap Inc Technology - Security Architect - Information Security

Our past is full of iconic moments - but our future is going to spark many more. We're looking for people who'll help make our next decade just as revolutionary as our first five. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, you're the right fit. Come grow with us.

Gap Tech is the engine behind Gap Inc.'s mission to be the world's favorite. Our technologists are driving retail technology innovation, e-commerce for all of Gap Inc.'s brands and delivering global, scalable, cloud-based solutions using best in class platforms. Reimagining retail with technology has never been more fun!

The Product/Cloud Security Architect reports to the Director of Product Security. Incumbent will work closely with technical peers across all GapTech to ensure that our entire customer developed platforms and technologies protect all Gap Customer and Employee Data; analyze, capture, process and/or store. Incumbent will also be key to enabling security self-sufficiency across our DevOps organization by helping establish local programs such as the Security Champions, Security University, and Application Security.

What is expected of you :

- Architect security solutions for cloud implementation, meeting a variety of needs across technical and functional domains

- Engage with the Business and DevOps partners using a consultative & partnering approach

- Establish and maintain the local Security Champions program to enable business agility and improve the overall application security posture of GapTech products

- Engage with business partners on projects to assess for security risk and help deliver secure solutions via threat modeling, code review, penetration testing, enforce secure development lifecycle

- Assist with the implementation and execution of the application security program in collaboration with Business and DevOps partners

- Actively participate in the creation of the Security University curriculum for internal Information Security (InfoSec) employees and business partners

- Stay abreast of trends and advances in IT/security solutions and monitors changes in the operating environment that affect information security

- Present security updates, recommendations, strategic opportunities to local leadership

- Develop relationships with local business leaders, challenging status quo on security matters

- Provide advice on a broad range of security items and strategies

- Analyze and resolve problems of high to the critical complexity

- Strength in building partnerships; working collaboratively in a matrixed environment

- Creative thinker hence solving problems in an innovative way

- Strong ability to prioritize and multi-task

- Ability to work well with business and technical teams

- Growth mindset with high adaptability to changing requirements

Technical Qualifications :

- Bachelor's in Computer Science, Engineering or related technical field

- 7-9 years of experience in an information-security related occupation

- Web application security experience including OWASP Top 10 vulnerabilities, browser security, JavaScript security, and rich web safety

- Deep understanding of web application attacks including SQL, XSS, XXE, and other common security issues

- Creating and delivering usable introductory to advanced training to other engineers on security practices

- Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols

- Demonstrated programming ability in C, C++, Java, php, JavaScript, python, Perl, and other languages

- Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.

- Experience working in a risk-based environment including mitigation, planning and implementation

- Operational flexibility in modifying business and operating practices to adapt to a changing environment

- Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures

- Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships

- Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences

- Proven success working across organizational and geographic boundaries

- Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001

Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status.

In 2016, Gap Inc. was named one of the Best Places to Work by the Human Rights Campaign for the thirteenth consecutive year and was the sole winner of the Catalyst award for equality in the workplace in 2016.