Product Security DevSecOps Engineer
- Hyderabad, India
About Gap Inc.
Our past is full of iconic moments - but our future is going to spark many more. Our brands - Gap, Banana Republic, Old Navy and Athleta - have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.
But we're more than the clothes that we make. We know that business can and should be a force for good, and it's why we work hard to make product that makes people feel good, inside and out. It's why we're committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us.
About the role
The Product Security DevSecOps Engineer is a member of the Product Security team within GapTech Information Security, and reports to the Staff Engineer, Product Security. In this role, the PSEC DevSecOps Engineer will cater to the needs of the business, engage with the product, infra and developer teams, be responsible for implementing security controls governing CI/CD pipelines, and providing technical advisory support across a rapidly modernizing and dynamic hybrid multi-cloud, on-prem and retail chain environment, ensuring governance and compliance with legal and regulatory requirements, maintain Gap Inc. Information Security policies, standards, and industry best practices.
Lead the security strategy governing the applications and cloud-based platform infrastructure.
Collaborate with other infrastructure, DevOps, InfoSec and application engineers to understand the product, technology and business needs.
Define and own guidance, alerts and security as code deployments to provide protection from malicious traffic, vulnerabilities and other attack vectors.
Design and maintain the Gap Inc's Customer Authentication OIDC Provider and implement WAF Policies.
Own the management and remediation of identified security flaws within our development platforms.
Architect procedures to automate security tasks that seamlessly integrate into code builds and deployments.
Build security utilities and tools for internal use that enable the DevSecOps team to operate at high speed and wide-scale; Develop, document and maintain security and compliance capabilities in support of DevOps processes.
Who you are
Hands-on experience in deploying and securing cloud resources using ARM templates, Terraform etc.
Experience in writing Automation runbooks for monitoring and alerting in Azure and OCI workloads.
Experience in managing and securing DevOps products like Azure DevOps, Circle CI, CodeFresh is a plus.
Experience with SIEM, IPS/IDS, security operations, incident analysis, incident handling, vulnerability management or testing, log analysis.
Experience in managing Customer authentication and implementing security WAF policies.
Hands-on experience in implementing and operating modern SDLC stack tooling (SAST/SCA/DAST/IAST).
Experience in implementing and securing Kubernetes, Helm, Envoy Proxy, Istio workloads. AquaSec, PortShift or similar product experience is a plus;
Experience in Programming or scripting with a popular modern language utilized by the above tools (Java, Python, Ruby, etc.).
Benefits at Gap Inc.
- One of the most competitive paid time off plans in the industry
- Merchandise discount for our brand products at franchise stores and their websites
- Comprehensive health coverage for employees, same-sex partners and their families
- Health and wellness program: free annual health check-ups, fitness center and Employee Assistance Program
- Comprehensive benefits to support the journey of parenthood
- Retirement planning assistance
- See more of the benefits we offer.
Back to top