Position: Sr. Security Engineer at GAP
Location: San Francisco, CA
Duration: 6-12 months
Work closely with project managers and enterprise architects to ensure the implementation of approved security designs.
Work with business partners to implement the overall solution architecture and provide technical leadership during the design, development, and testing phase of major initiatives.
Create and present engineering design documents to business partners and executive leadership.
Support the implementation and enforcement of security and design principles according to the policies, standards, and procedures of Gap Inc.
Research and present trade’ documents and risk assessments to leadership. Partner with Gap Inc.'’s
Centers of Excellence to provide guidance on security issues.
Bachelor's degree in Computer Science or EE preferred.
CISSP, GIAC or CISM preferred. Security engineering experience.
Enterprise level security experience. Knowledge of cryptographic systems and algorithms.
Experienced in leading the implementation of multiple large, multi-platform security initiatives.
Knowledge and understanding of security best practices and designs.
Detailed understanding of the Payment Card Industry (PCI) security standard.
Experience in the implementation of controls to mitigate PCI issues.
Strong communication skills required to discuss and present complex engineering principles and issues to both technical and non-technical business leadership.
Ability to work with multiple project teams, provide engineeringguidance and decision making to ensure architectural alignment.
Ability to adapt to rapidly changing priorities and conditions.
Infrastructure Security Engineer II 2 Folsom St.
Gap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.’s five renown brands – Gap, Banana Republic, Old Navy, Athleta and INTERMIX.
We’re looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you’ll be exposed to hands-on learning opportunities across all facets of the Gap Inc.
Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry.
Ready to get started? The Infrastructure SecurityEngineer reports to the Director of Data Protection and Infrastructure.
In this role, the Engineer will work closely with technical peers across all of GapTech to ensure that all of our customer developed platforms and technologies protect all Gap Customer and Employee Data analyzed, captured, processed, and/or stored.
The Engineer will also be key to enabling security self-sufficiency across our DevOps organization by help design, deploy, and operate solutions that strengthen our capabilities in Data Protection, Endpoint Security, Critical Infrastructure, and Vulnerability Management.
• The Information SecurityEngineer position works closely with infrastructure, application, and managed service provider teams to ensure the securityposture of Gap’s global enterprise is maintained, including endpoint, network, server and border security.
• Assist in developing solutions to ensure existing and new systems and application deployments are appropriately secured to meet security policy and standards, and audit compliance requirements
• Identify security issues and risks associated with security events reported by L1 or L2 InfoSec teams, or via alerts from various security tools, and develop remediation and/or risk mitigation plans
• Participate in investigations of suspected information technology security misuse or compliance reviews as requested by Gap’s SecurityCouncil, InfoSec management, or as required when alerts are received from InfoSec threat monitoring tools
• Assist in responses to internal and external compliance audits, e-Discovery data collection, penetration tests and vulnerability assessments
• Coordinate maintenance of security-related systems (Anti-Virus, Patching, Intrusion Detection, Logging, Anti-spam, etc.)
• Bachelor's degree in computer science or related field, preferred
• 3-5 years of experience in the security field with working knowledge of any network and InfoSec components, including firewalls, intrusion detection systems, anti-malware products, e-Discovery and forensics tools and products, data encryption, VPN's, vulnerability scanners, multiple operating systems (Windows, UNIX, Linux, etc.), and directory services (Active Directory, LDAP)
• Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols
• Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.
• Passion to learn or knowledge of information security risks and counter-measures for Windows and Unix/Linux platforms
• Demonstrate the strong communication skills required to discuss and present engineering principles and issues to both technical and non-technical business partners & write concise proposals and documentation
• The ability to provide support after normal business hours, as needed Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001