Sr Staff, InfoSec Engineer - Security Architecture

About the Role

In this role you will be part of the Security Architecture team within Product Security. Product Security as a whole is responsible for the security of applications from conception to steady state, and within that Security Architecture is responsible for the secure design and threat modeling as well as to serve as the Security Partner for product teams. You will build relationships and collaborate with leaders, architects and senior members of technical and product teams to understand the technical & business context around applications and processes and influence decisions around maximum allowable risk and securing applications and data.

What You'll Do

• As a team we perform comprehensive security reviews for all projects within GapTech. This will include threat modeling and designing secure-by-default solutions.
• Develop and maintain deep relationships with the various teams delivering products within Gap Inc including product and engineering leaders to ensure security is built in from the start.
• Act as a key stakeholder and subject matter expert in decisions around maximum allowable risk. Collaborate with senior technical and product leads to assess when projects can proceed as is, what risks can be accepted, what investment & tooling are required to address any open security concerns, and what fundamental security building blocks in terms of technology and processes need to be put in place by GapTech.
• Work closely with teams to understand dev practices and technologies leveraged to deliver products and use that knowledge to build and recommend security controls appropriate to them.
• Create security policies and standards and enforce them.
• Assess and communicate potential security risks and make recommendations to stakeholders and leadership. Collaborate and partner with other Infosec teams to incorporate feedback early in the application lifecycle as well as influence processes in other parts of Infosec.
• Stay current with the latest security trends, threats and develop and maintain deep industry expertise to incorporate it into your work to ensure the company's applications and data remain secure.
• Providing training and education to developers and business teams on security best practices.

Who You Are

• Senior Infosec engineer with 10+ experience working as security architect or security partner with development teams. Alternately, a senior developer looking to pivot to Infosec and leverage development background to work closer with technical teams.
• Strong technical knowledge and understanding of modern web application technologes such as React, Node.js, APIs, OAuth, etc. and cloud infrastructure technologies such as Azure, GCP, Kubernetes, etc.
• Strong technical knowledge and understanding of modern web applications such as React, Node.js, APIs, OAuth, etc., cloud infrastructure technologies such as Azure, GCP, Kubernetes, etc., and data engineering platforms like Databricks and BigQuery. Additionally, proficiency and a deep understanding of risks and securing Generative AI and machine learning frameworks.
• You are an expert in AI and large language models (LLMs), with a proven track record of integrating and securing these technologies within organizations, leveraging both self-built solutions and vendor tools to drive innovation and ensure robust security frameworks.
• Strong problem-solving skills and ability to perform technical analysis at both a high and low level of detail. Ability to assess relatively complex situations and analyze data to make independent judgments and recommend solutions.
• Effective written and verbal communication skills with the ability to collaborate and interact across teams and at varying levels of management. Ability to communicate difficult concepts in a simple manner.
• Strong negotiation skills to influence decisions while working with senior technical architects and business leads.
• Ability to filter, prioritize, and organize work appropriately to meet and exceed goals.
• Aptitude to understand technical solutions and business processes quickly.