Staff Infosec Engineer

About Gap Inc.

Our past is full of iconic moments - but our future is going to spark many more. Our brands - Gap, Banana Republic, Old Navy and Athleta - have dressed people from all walks of life and all kinds of families, all over the world, for every occasion for more than 50 years.

But we're more than the clothes that we make. We know that business can and should be a force for good, and it's why we work hard to make product that makes people feel good, inside and out. It's why we're committed to giving back to the communities where we live and work. If you're one of the super-talented who thrive on change, aren't afraid to take risks and love to make a difference, come grow with us.
About the Role

Job Description Summary
PKI /PAM Engineer is responsible for designing, implementing, and managing PKI infrastructure, including the issuance, renewal, and revocation of digital certificates. The PKI/PAM Engineer will also be responsible for utilizing Secrets management tools in accordance with established policies and industry standards for Privileged Access Management (PAM), ensuring secure handling and compliance with best practices. The engineer will work closely with product teams to develop tailored PKI solutions for secure communication and data protection throughout the development lifecycle.

• Design, implement, and manage PKI infrastructure, ensuring alignment with organizational security policies.
• Manage the lifecycle of Root and Intermediate Certificate Authorities (CAs), ensuring adherence to cryptographic best practices.
• Automate certificate lifecycle processes including enrollment, renewal, and revocation, using scripts and tools like Venafi or similar Certificate Lifecycle Management (CLM) solutions.
• Troubleshoot and resolve certificate-related issues across systems and applications
• Integrate certificate management solutions with product-specific requirements, ensuring secure communication and data protection.
• Collaborate with product teams to develop tailored PKI solutions that seamlessly integrate into development workflows.
• Scripting and automation skills for certificate management (e.g., python, Bash, powershell or similar).
• Set up monitoring for certificate expiration, errors, and compliance across the environment, ensuring proactive mitigation of risks.
• Stay up to date with the latest PKI trends, vulnerabilities, and cryptographic standards.
• Develop and maintain tools and scripts (using OpenSSL, Keytool, REST APIs, SCEP, ACME, EST) for managing certificates and keys across a wide range of environments.
• Work with product teams and vendors to address issues related to the infrastructure, functionality, upgrades, and configurations of Secrets Management tools.

• Expertise in working with various certificate formats (PEM, DER, PFX, JKS).
• Familiarity with Cloud Providers, particularly Azure, to integrate PAM and Secrets Management solutions into cloud-based environments.
• Good to have knowledge on container orchestration tools like Kubernetes.
• Ability to write custom scripts (Shell, Python) leveraging APIs for automating PAM tasks such as account onboarding, privileged access management, and integration with other tools.
• Solid understanding and Hands-on experience of configuration management tools like Chef and DevOps principles, including Source Code Management (SCM) using tools like GitHub, and continuous integration solutions such as Jenkins, and GitHub Actions.
• Experience with REST APIs for integration of certificate management systems.
• Solid understanding of digital signatures, encryption, and public-key cryptography principles.
• Expertise in Secrets Management tools, with a focus on HashiCorp Vault or similar products, including integrating it into DevOps workflows for managing credentials, certificates, SSH keys, API keys etc.
• Experience with Delinea Secret Server or similar products is a plus
• Ability to design and implement security solutions based on PAM and Secrets Management tools tailored to product team needs.
• Proficient in managing Windows and Linux servers, particularly in relation to Secrets management implementations and access control.

• One of the most competitive paid time off plans in the industry
• Comprehensive health coverage for employees, same-sex partners and their families
• Health and wellness program: free annual health check-ups, fitness center and Employee Assistance Program
• Comprehensive benefits to support the journey of parenthood
• Retirement planning assistance
• See more of the benefits we offer.