Sr Staff, Infosec Engineer - Cyber Defense

Gap

IT
Folsom, CA, USA · New York, NY, USA
Posted on May 24, 2025

About the Role

Company Overview: As a Fortune 100 retailer leading the market with innovative strategies and a commitment to customer satisfaction, Gap, Inc. prioritizes the security and integrity of our information systems. Our InfoSec organization is at the forefront of protecting our company's assets and ensuring a secure shopping experience for our customers.
Position Summary: We are seeking a skilled and experienced Security Engineer with a strong background in SIEM/SOAR platforms and detection engineering. The ideal candidate will be responsible for designing, implementing, and managing security integrations, with a focus on cybersecurity monitoring, incident detection, and automated response processes. This role requires a deep understanding of cybersecurity principles, hands-on technical expertise, and a proactive approach to threat detection and mitigation. Hands-on experience with multiple SIEM/SOAR platforms, Cribl, and experience supporting the engineering needs of a modern Security Operations Center is a high-priority requirement for this role.

What You'll Do

  • Design, develop, and implement information security solutions. This may include, but is not limited to, the following areas: Cloud Security, Infrastructure Security, Product Security, Defensive Engineering, and Identity and Access Management.

  • Demonstrate proficient knowledge of standard infrastructure security practices, concepts, and technologies relevant to the role.

  • Manage technical requirements analysis and draft technical design specifications based on interpretation of functional requirements gathered by working with business and project teams.

  • Maintain an enterprise-wide identity and access management infrastructure.

  • Implement security controls governing CI/CD pipelines, and provide technical advisory support across a rapidly modernizing and dynamic hybrid multi-cloud, on-prem, and retail chain environment.

  • Ensure governance and compliance with legal and regulatory requirements while maintaining Gap Inc. Information Security policies, standards, and industry best practices.

  • Drive automation of cloud security processes.

  • Mentor junior Security Engineers toward achieving command of the skills necessary to perform all work-related tasks.

Key Responsibilities:

SIEM Administration/Management:

  • Design, deploy, configure, and maintain SIEM environment(s).
  • Develop and manage dashboards, alerts, and reports to monitor security events.
  • Integrate various data sources into SIEM for comprehensive security analysis.
  • Optimize SIEM performance by tuning and managing indexes, searches, and system configurations.
  • Develop and maintain correlation rules, alerts, and reports to detect and respond to security incidents.
  • Monitor and analyze SIEM logs to identify potential security threats and vulnerabilities.
  • Collaborate with other IT teams to ensure comprehensive data collection and integration into the SIEM.

SOAR Implementation:

  • Design and implement SOAR playbooks to automate incident response processes.
  • Integrate SOAR solutions with existing security tools and platforms.
  • Collaborate with SOC (Security Operations Center) and incident response teams to streamline and automate response actions.
  • Continuously improve SOAR playbooks based on feedback and evolving threats.

Threat Detection & Incident Response:

  • Proactively monitor and analyze security events to identify potential incidents.
  • Lead incident response efforts, including investigation, containment, and remediation.
  • Provide expert analysis on security incidents and collaborate with teams to implement corrective actions.
  • Perform root cause analysis to prevent recurrence of security incidents.
  • Prepare detailed reports for management on security events, trends, and recommendations.
  • Maintain up-to-date documentation of security tools, configurations, and processes.

Collaboration & Training:

  • Work closely with InfoSec, TechOps, and other Gap Inc. teams to ensure secure systems and processes.
  • Provide training and guidance to junior security staff and other stakeholders.
  • Participate in security audits and assessments to ensure compliance with industry standards and regulations.

Who You Are

Education:

  • Bachelor's degree or relevant equivalent experience.

Experience:

  • Minimum 6 years of experience in cybersecurity, with a focus on security logging, cyber operations, and orchestration/automation technologies and processes.
  • Hands-on experience in deploying and managing SecOps environments.
  • Experience with various SIEM platforms (e.g., Splunk, Azure Sentinel, Google SecOps), SOAR tools (e.g., Swimlane, Torq, Tines), and Cribl.
  • Strong understanding of security frameworks, threat landscapes, and incident response methodologies.

Skills:

  • Familiarity with scripting languages (e.g., Python, Bash) for automation and integration tasks.
  • Strong analytical skills and ability to interpret complex data sets.
  • Excellent problem-solving abilities and attention to detail.
  • Strong communication skills, with the ability to convey technical information to non-technical stakeholders.