Security Community Manager

Gap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.'s five renown brands – Gap, Banana Republic, Old Navy, Athleta and INTERMIX. We're looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you'll be exposed to hands-on learning opportunities across all facets of the Gap Inc. Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry. Ready to get started?

The Sr. Product Security Engineer reports to the Director of Product Security. In this role, the Engineer will work closely with technical and business peers across GapTech to evangelize information security; design and implement security capabilities within products; as well as build and manage our Security Champions and University programs. This Security Evangelist will be crucial in building relationships with our business partners, gaining trust and increasing security engagement, and driving education to a distributed set of developers, engineers, admin, and architects to better extend the reach of the central InfoSec team.

Key Duties

  • Engage with the Business and DevOps partners using a consultative & partnering approach to identify Champion candidates
  • Establish and maintain the Security Champions program to enable business agility and improve the overall security posture of Gap Inc
  • As a highly technical role, the Evangelist is expected to be a close working partner with GapTech architects to deliver secure standards for technology across the organization.
  • Assist with the implementation and execution of security initiatives in collaboration with Business and DevOps partners
  • Actively lead in the creation of the Security University curriculum for internal Information Security (InfoSec) employees, GapTech Champions, and relevant business partners
  • Stay abreast of trends and advances in IT/security solutions and monitors changes in the operating environment that affect information security; drive education, awareness, and training of new security issues
  • Present security updates, recommendations, strategic opportunities to leadership
  • Develop relationships with local business leaders, challenging status quo on security matters
  • Provide advice on a broad range of security items and strategies



  • High technical capabilities in web application security including OWASP Top 10 vulnerabilities, browser security, JavaScript security, and rich web safety
  • Deep understanding of web application attacks including SQLi, XSS, XXE, and other common security issues
  • Creating and delivering usable introductory to advanced training to other engineers on security practices
  • Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols
  • Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.
  • Experience working in a risk based environment including mitigation, planning and implementation
  • Operational flexibility in modifying business and operating practices to adapt to a changing environment
  • Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures
  • Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
  • Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
  • Proven success working across organizational and geographic boundaries
  • Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001
  • Preferred but not required: Bachelor's in Computer Science, Engineering or related technical field
  • Minimum 5 years' experience in an information-security related occupation

Meet Some of Gap Inc.'s Employees

Dan L.

Director Of Merchandising, Gap

As Merchandising Director of Men’s and Women’s fitness, Dan lets customers take the lead on GapFit’s collection. He's involved in many fashioning functions, from detailing design to sampling, swatches, selection and clothing production.

Elise P.

Manager, Corporate Strategy & Business Development, Gap

Elise identifies growth opportunities, new products, and new customer bases. It's her responsibility to keep Gap Inc. at the forefront of industry innovations.

Back to top