Staff Infosec Engineer

About the Role

We are seeking for a skilled and experienced Security controls specialist with ability to design, implement and manage security controls to join GAP Inc.’s cybersecurity team. In this role, you will be part of the Enterprise Security Team.
Enterprise Security comprises of Endpoint Protection and Cyber Resilience groups responsible to upkeep the security state of all the systems within the organization

What You'll Do

Roles & Responsibilities:

• Meticulous in ensuring all defined security measures are thoroughly implemented and well maintained
• Ability to Architect, implement and management of Endpoint Security controls like EDR, Anti Ransomware, SBOM, FIM, Local Firewalls, CASB, etc..
• Develop and maintain a comprehensive Software Bill of Materials (SBOM) for all software components used within the organization
• Collaborate with Security Ops & Infosec leadership in developing a mitigation plan for control gaps, TTP’s, IOC’s & Threat Advisories
• Supports Compliance & Risk Management activities related to Endpoint Security
• Ensure compliance with industry standards and regulatory requirements related to SBOM and endpoint protection, and develop and maintain relevant policies, procedures, and best practices
• Provide technical support, including monitoring, reporting, and tool administration
• Maintain and update documentations & architectural workflows of security solutions
• Configure and manage the logging of security controls from various sources into the SIEM solution
• Create and manage plans for implementation projects and keep them current
• Raise concerns to management regarding endpoint security deficiencies or enhancements that need to be addressed
• Educate the partnering teams on SBOM & Endpoint Protection processes and security best practices, and stay updated on the latest security trends, tools, and technologies
• Assist in the investigation and response to security incidents related to vulnerabilities, coordinating with incident response teams to mitigate the impact of security breaches

Who You Are

What are we looking for ?

• Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degrees and relevant certifications (e.g., CISSP, CISM, CEH) are preferred.
• 10+ years of directly related experience in SBOM Management, Endpoint Protection, Cybersecurity or related field
• Proficiency in SBOM tools and endpoint protection solutions, and experience with security frameworks and standards (e.g., NIST, ISO 27001)
• Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions
• Excellent written and verbal communication skills, with the ability to convey technical information to non-technical stakeholders
• Proven understanding of Common Vulnerability Frameworks (CVE, CVSS, OWASP Top 10)
• Proven ability to lead and mentor teams, and to work collaboratively with cross-functional teams

Competencies:

• Leads with a Growth Mindset.
• Cultivates a Trusting Environment.
• Drives what Matters.
• Works with a 'One Team' Approach.