Information Security Engineer - Threat & Incident Management

Doris and Don Fisher opened the first Gap store in 1969. The reason was simple. Don couldn’t find a pair of jeans that fit. They never expected to transform retail. But they did. Guided by humility, compassion and a strong desire to win, the Fishers grew their company thoughtfully. Customers responded.

The Information Security Engineer works as a member of the Threat & Incident Management team (TIM team). The TIM team is part of Gap’s Information Security organization (InfoSec), working closely with infrastructure, application, and managed service provider teams to ensure the security posture of Gap’s global enterprise is maintained, including endpoint, network, server and border security. The IT Security engineers serve as Subject Matter Experts (SME) for InfoSec’s portfolio of monitoring and logging tools, providing research, expert advice, and direction on configuration and management of the tools. The Security Engineer has direct responsibility for working with all GapTech teams in delivering subject matter expertise for cybersecurity incident response and computer forensics services for suspected or confirmed cybersecurity breaches, emerging threats assessment, and supporting legal e-Discovery requests.

- Identify security issues and risks associated with security events reported by L1 or L2 InfoSec teams, or via alerts from various security tools, and develop remediation and/or risk mitigation plans - Leverage a wide range of security technologies including, but not limited to: SIEM/syslog, IDS/IPS, malware analysis and protection, content filtering, logical access controls, identity and access management, data loss prevention, content filtering technologies, application firewalls, vulnerability scanners, LDAP, security incident response and Identity Management software - Participate in incident response and investigations of suspected information technology security misuse or compliance reviews as requested by Gap’s Security Council, InfoSec management, or as required when alerts are received from InfoSec threat monitoring tools and threat intelligence sources - Work with InfoSec product vendors and service providers, to evaluate potential security offerings, including product evaluations, pilots and proof of concept installations - Assist in responses to internal and external compliance audits, e-Discovery data collection, penetration tests and vulnerability assessments - Coordinate maintenance of security-related systems (Anti-Virus, Patching, Intrusion Detection, Logging, Anti-spam, etc.) - Monitor current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy - Conduct research on emerging products, services, protocols, and standards relative to the information security arena

- Bachelor's degree in computer science or related field, preferred - CISSP, GIAC or CISM certification, preferred - Certification in operating system, directory services, firewall, VPN, router and/or other technical areas desired - 3-5 years experience with network and InfoSec components, including firewalls, intrusion detection systems, anti-malware products, e-Discovery and forensics tools and products, data encryption, VPN's, vulnerability scanners, multiple operating systems (Windows, UNIX, Linux, etc.), and directory services (Active Directory, LDAP) - In-depth knowledge of information security risks and counter-measures for Windows and Unix/Linux platforms - Understanding of the Payment Card Industry (PCI) data security standards (PCI DSS) and the payment application data security standards (PA DSS) as well as experience in the implementation of controls to mitigate PCI issues. - Experience with multi-national large-scale enterprises.