Sr Staff, Infosec Engineer - Cyber Defense

About the Role

Company Overview: As a Fortune 100 retailer leading the market with innovative strategies and a commitment to customer satisfaction, Gap, Inc. prioritizes the security and integrity of our information systems. Our InfoSec organization is at the forefront of protecting our company's assets and ensuring a secure shopping experience for our customers.
Position Summary: We are seeking a skilled and experienced Security Engineer with a strong background in SIEM/SOAR platforms and detection engineering. The ideal candidate will be responsible for designing, implementing, and managing security integrations, with a focus on cybersecurity monitoring, incident detection, and automated response processes. This role requires a deep understanding of cybersecurity principles, hands-on technical expertise, and a proactive approach to threat detection and mitigation. Hands-on experience with multiple SIEM/SOAR platforms, Cribl, and experience supporting the engineering needs of a modern Security Operations Center is a high-priority requirement for this role.

What You'll Do

• Design, develop, implement information security solutions This may include but is not limited to the following areas: Cloud Security, Infrastructure Security, Product Security, Defensive Engineering, and Identity and Access Management.

• Demonstrate proficient knowledge of infrastructure standard security practices, concepts and technologies relevant to role.

• Manage technical requirements analysis and drafts technical design specifications based on interpretation of functional requirements gathered through working with business and project teams.

• Maintain an enterprise wide identity and access management infrastructure

• Implement security controls governing CI/CD pipelines, and provide technical advisory support across a rapidly modernizing and dynamic hybrid multi cloud, on prem and retail chain environment

• Ensure governance and compliance with legal and regulatory requirements while maintaining Gap Inc Information Security policies, standards, and industry best practices

• Drive automation of cloud security processes

• Mentor junior Security Engineers towards achieving command of the skills necessary to perform all work related tasks.

Key Responsibilities:

SIEM Administration/Management:

• Design, deploy, configure, and maintain SIEM environment(s).
• Develop and manage dashboards, alerts, and reports to monitor security events.
• Integrate various data sources into SIEM for comprehensive security analysis.
• Optimize SIEM performance by tuning and managing indexes, searches, and system configurations.

• Develop and maintain correlation rules, alerts, and reports to detect and respond to security incidents.
• Monitor and analyze SIEM logs to identify potential security threats and vulnerabilities.
• Collaborate with other IT teams to ensure comprehensive data collection and integration into the SIEM.

SOAR Implementation:

• Design and implement SOAR playbooks to automate incident response processes.
• Integrate SOAR solutions with existing security tools and platforms.
• Collaborate with SOC (Security Operations Center) and incident response teams to streamline and automate response actions.
• Continuously improve SOAR playbooks based on feedback and evolving threats.

Threat Detection & Incident Response:

• Proactively monitor and analyze security events to identify potential incidents.
• Lead incident response efforts, including investigation, containment, and remediation.
• Provide expert analysis on security incidents and collaborate with teams to implement corrective actions.
• Perform root cause analysis to prevent recurrence of security incidents.

• Prepare detailed reports for management on security events, trends, and recommendations.
• Maintain up-to-date documentation of security tools, configurations, and processes.

Collaboration & Training:

• Work closely with InfoSec, TechOps, and other Gap Inc. teams to ensure secure systems and processes.
• Provide training and guidance to junior security staff and other stakeholders.
• Participate in security audits and assessments to ensure compliance with industry standards and regulations.

Who You Are

Education:

• Bachelor's degree or relevant equivalent experience.

Experience:

• Minimum 6 years of experience in cybersecurity, with a focus on security logging, cyber operations, and orchestration/automation technologies and processes.
• Hands-on experience in deploying and managing SecOps environments.
• Experience with various SIEM platforms (e.g., Splunk, Azure Sentinel, Google SecOps), SOAR tools (e.g., Swimlane, Torq, Tines), and Cribl.
• Strong understanding of security frameworks, threat landscapes, and incident response methodologies.

Skills:

• Familiarity with scripting languages (e.g., Python, Bash) for automation and integration tasks.
• Strong analytical skills and ability to interpret complex data sets.
• Excellent problem-solving abilities and attention to detail.
• Strong communication skills, with the ability to convey technical information to non-technical stakeholders.