IT Job Pro

Most Popular Tech Job site – Find Jobs || Post Jobs

Sr Application Security Engineer (Cloud Security)

As the Sr. Application Security Engineer (Product / Cloud Security) for GAP, Inc., you will work closely with technical peers across all of GapTech. You will ensure that our platforms and technologies protect all Gap Customer and Employee Data analyzed, captured, processed, and/or stored. The Engineer will also be key to enabling security self-sufficiency across our DevOps organization by helping establish local programs such as the Security Champions, Security University, and Application Security. The Sr. Application Security Engineer (Product / Cloud Security) reports to the Director of Product Security.


* Architect security solutions for cloud implementation
* Engage with the Business and DevOps partners using a consultative & partnering approach
* Establish and maintain the local Security Champions program
* Assess security risks and help deliver secure solutions via threat modeling, code review and penetration testing
* Enforce secure development lifecycle
* Assist with the implementation and execution of the application security program
* Actively participate in the creation of the Security University curriculum
* Stay abreast of trends and advances in IT/security solutions and threats
* Monitor changes in the operating environment that affect information security
* Present security updates, recommendations and strategic opportunities to local leadership
* Challenge status quo on security matters
* Provide advice on a broad range of security items and strategies


* Product-centric Cloud security experience (private, hybrid)
* Experience designing cloud security architecture within OpenStack, AWS, Azure, GCE, or similar environments
* IaaS or PaaS experience preferred
* Web application security experience including OWASP Top 10 vulnerabilities, browser security, JavaScript security, and rich web safety
* Deep understanding of web application attacks including SQLi, XSS, XXE, and other common security issues
* Experience creating and delivering introductory to advanced training to other engineers on security practices
* Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols
* Demonstrated programming ability in C, C++, Java, php, JavaScript, python, perl, and other languages
* Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.
* Experience working in a risk based environment including mitigation, planning and implementation
* Operational flexibility in modifying business and operating practices to adapt to a changing environment
* Demonstrated ability to innovate and operate outside established methods and procedures
* Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
* Excellent communication and influencing skills
* Proven success working across organizational and geographic boundaries
* Preferred Certifications – CISSP, CISA, CISM, CRISC, CGEIT, ISO27001
* Bachelors in Computer Science, Engineering or related technical field
* Minimum 5 years experience in an information-security related occupation


GAP, Inc. believes in growth and innovation. The digital marketplace has reshaped the storefront and our five brands know no borders. We are committed to sustainability, fair wages and equal pay and believe our business will succeed in a world where everyone has the chance to stand as equals and thrive.

Were looking for risk takers who love to make a difference, believe in the value of hard work and perseverance and most importantly, share our values.

To apply for this job please visit