Posted on: January 9, 2020 | Job#: 314401

Product Security Engineer

Full-time | One Harrison Street, San Francisco, CA, US 94105



About Gap Inc.

Our past is full of iconic moments — but our future is going to spark many more. Our brands — Gap, Banana Republic, Old Navy, Athleta, INTERMIX and Hill City — have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.

But we’re more than the clothes that we make. We know that business can and should be a force for good, and it’s why we work hard to make product that makes people feel good, inside and out. It’s why we’re committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us. 

About the role

The Product Security Engineer reports to the Director of Product Security. In this role, the Engineer will work closely with technical peers across all of GapTech to ensure that all of our customer developed platforms and technologies protect all Gap Customer and Employee Data analyzed, captured, processed, and/or stored. The Engineer will also be key to enabling security self-sufficiency across our DevOps organization by helping establish local programs such as the Security Champions, Security University, and Application Security.

Key Duties
• Engages with the Business and DevOps partners using a consultative & partnering approach
• Establishes and maintains the local Security Champions program to enable business agility and improve the overall application security posture of GapTech products
• Engages with business partners on projects to assess for security risk and help deliver secure solutions via threat modeling, code review, penetration testing, and enforcing secure development lifecycle
• Assists with the implementation and execution of the application security program in collaboration with Business and DevOps partners
• Actively participates in the creation of the Security University curriculum for internal InfoSec employees and business partners
• Stays abreast of trends and advances in IT/security solutions and monitors changes in the operating environment that affect information security
• Presents security updates, recommendations, strategic opportunities to local leadership
• Develops relationships with local business leaders, challenging status quo on security matters
• Provides advice on a broad range of security items and strategies

Who you are

• Web application security experience including OWASP Top 10 vulnerabilities, browser security, JavaScript security, and rich web safety
• Deep understanding of web application attacks including SQLi, XSS, XXE, and other common security issues
• Creating and delivering usable introductory to advanced training to other engineers on security practices
• Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols
• Demonstrated programming ability in C, C++, Java, PHP, JavaScript, Python, Perl, and other languages
• Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.
• Experience working in a risk-based environment including mitigation, planning and implementation
• Operational flexibility in modifying business and operating practices to adapt to a changing environment
• Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures
• Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
• Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
• Proven success working across organizational and geographic boundaries
• Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001
• Bachelor’s in Computer Science, Engineering or related technical field
• Minimum 3 years’ experience in an information-security related occupation

Benefits at Gap Inc.

  • Merchandise discount for our brands: 50% off regular-priced merchandise at Gap, Banana Republic and Old Navy, 30% off at Outlet and 25% off at Athleta for all employees.
  • One of the most competitive Paid Time Off plans in the industry.*
  • Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
  • Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
  • Employee stock purchase plan.*
  • Medical, dental, vision and life insurance.*

*For eligible employees

Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. We have received numerous awards for our long-held commitment to equality and will continue to foster a diverse and inclusive environment of belonging. This year, we’ve been named as one of the Best Places to Work by the Human Rights Campaign for the fourteenth consecutive year and have been included in the 2019 Bloomberg Gender-Equality Index for the second year in a row.
