Job description

Position Overview Sr Staff, Infosec Engineer - Cyber Defense at Gap, Inc.—a Fortune 100 retailer committed to innovative strategies and customer satisfaction—is seeking a skilled Security Engineer. This role focuses on designing, implementing, and managing cybersecurity integrations with a deep focus on SIEM/SOAR platforms, detection engineering, and threat mitigation across diverse environments including cloud, on-prem, and retail channels. Key Responsibilities • Design, develop, and implement information security solutions across Cloud Security, Infrastructure Security, Product Security, Defensive Engineering, and Identity and Access Management. • Analyze technical requirements and draft design specifications in collaboration with business and project teams. • Maintain an enterprise-wide identity and access management infrastructure. • Implement security controls for CI/CD pipelines and provide technical advisory support in a dynamic multi-cloud, on-prem, and retail environment. • Ensure governance and compliance with legal, regulatory, and internal Information Security policies and best practices. • Drive the automation of cloud security processes. • Mentor junior Security Engineers, fostering skill development and technical expertise. • SIEM Administration/Management: • Design, deploy, configure, and maintain SIEM environments. • Develop and manage dashboards, alerts, and reports for monitoring security events. • Integrate various data sources for comprehensive security analysis and optimize system configurations. • Develop and maintain correlation rules and alerts to detect and respond to security incidents. • SOAR Implementation: • Design and implement SOAR playbooks to automate incident response processes. • Integrate SOAR solutions with existing security tools and collaborate with SOC teams. • Continuously refine playbooks based on feedback and evolving threat landscapes. • Threat Detection & Incident Response: • Proactively monitor and analyze security events to identify potential incidents. • Lead incident response efforts, conducting investigations, containment, and remediation. • Perform root cause analysis and prepare detailed reports on security events. • Collaboration & Training: • Work closely with Info Sec, Tech Ops, and other teams to ensure secure systems and processes. • Provide training and guidance to junior security staff and stakeholders. • Participate in security audits and assessments to ensure industry-standard compliance. Required Qualifications • Bachelor's degree or relevant equivalent experience. • Minimum 6 years of cybersecurity experience with a focus on security logging, cyber operations, and automation technologies. • Hands-on experience deploying and managing Security Operations environments, including SIEM platforms (e.g., Splunk, Azure Sentinel, Google Sec Ops) and SOAR tools (e.g., Swimlane, Torq, Tines), as well as Cribl. • Strong understanding of security frameworks, threat landscapes, and incident response methodologies. • Proficiency in scripting languages such as Python and Bash for automation and integration tasks. • Excellent analytical, problem-solving, and communication skills with the ability to convey technical information to non-technical stakeholders.

Requirements