Information Security Incident Response Threat Hunter

Gap Inc. is changing the future of retail and reimagining how people shop and engage with our brands. Our obsession with delighting customers and our commitment to deliver fully on those experiences is what sets us apart.

We are diversifying our teams and our talent globally, and expanding our talent.

Summary: The Systems Engineer II (Incident Response Threat Hunter) works as a member of Gap Inc. Cyber Defense Center team within the Information Security Organization and will be responsible for Incident Response Threat Hunting and Incident Response support on escalated Security events.


  • Hunt for and identify threat actor groups and their techniques, tools, and processes
  • Participate in Hunt missions using threat intelligence, analysis of anomalous log data and results of brainstorming sessions to detect and eradicate threat actors
  • Maintain current knowledge of tools and best-practices in advanced persistent threats; Tactics, Techniques and Procedures (TTPs) of attackers
  • Develop Threat Hunting dashboards and reports to identify potential threats, suspicious/anomalous activity, and malware
  • Identify malicious or anomalous activity based on event data from Firewalls, WAF, IPS, HIPS, Anti-Virus, and other sources
  • Perform deep dive analysis by correlating data from various sources
  • Provide expert analytic investigative support for critical Incident Response security incidents
  • Act as an escalation support for Incident Response SOC on critical security events
  • This position requires the ability to work in shift schedules and on call rotation



  • Bachelor Degree in Computer Science, Information Systems or a related technical field preferred
  • Minimum of 4-6 years of experience in Information Security Incident Response, Cyber Threat Hunting
  • Proven track record of successful innovative hunts that are completed in a timely manner
  • Thorough understanding of how to detect lateral movement within a network and thinking outside the box to discover the signal within the noise
  • Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
  • Proven success working across organizational and geographic boundaries
  • Familiarity with Security tools Palo Alto IPS, Cylance, Symantec
  • Experience in performing Malware analysis
  • Experience with utilizing Carbon Black Process tree and Threat hunting
  • Experience with utilizng SIEM tool Splunk effectively in triage events and Splunk search capabilities
  • Strong background within Incident Response & Threat Hunting including IOC (Indicators of Compromise) & TTP (Tactics, Techniques & Procedures)
  • Strong knowledge in TCP/IP, cryptographic protocols and algorithms, operating system (MAC\Linux\Windows) internals and operations
  • Deep Understanding of common Attack Vectors DDoS attacks, Phishing, Web Attacks, and Malware

Nice to have:

  • Security certifications: CISSP, SANS GIAC (GREM, GCFA, GCIH), OSCP
  • Experience in user behavior analytics tools and investigation

Meet Some of Gap Inc.'s Employees

Dan L.

Director Of Merchandising, Gap

As Merchandising Director of Men’s and Women’s fitness, Dan lets customers take the lead on GapFit’s collection. He's involved in many fashioning functions, from detailing design to sampling, swatches, selection and clothing production.

Elise P.

Manager, Corporate Strategy & Business Development, Gap

Elise identifies growth opportunities, new products, and new customer bases. It's her responsibility to keep Gap Inc. at the forefront of industry innovations.

Back to top