Gap Inc.
Sr Staff, Infosec Engineer - Selling Channel Security
Gap Inc. - San Francisco, California, United States, 94102
Work at Gap Inc.
Overview
- View job
Overview
About The Role
We are seeking a Senior Staff IAM Engineer with deep expertise in designing identity and access management (IAM) solutions for APIs, customers, and microservices-based cloud environments. In this role, you will be responsible for architecting secure and scalable identity solutions that integrate seamlessly into our e-commerce platform. Your ability to collaborate, negotiate, and drive optimal security solutions with cross-functional teamsincluding architecture, DevSecOps, and product engineeringwill be key to success. What You'll Do
As a key member of the Product Security organization, you will be designing and implementing cutting-edge security solutions at scale. Design and Engineer repeatable processes/solutions and implementation of new technologies and tools across the enterprise technology footprint. Help drive technical and operational maturity from a security standpoint across all of Gap channels. Bring an automation-first mindset to drive productivity across all operational tasks. Work with Architects and Engineers to maintain accurate and reliable documentation of our network policy and design. Develop and implement IAM solutions for APIs, customers, and microservices in a cloud-native e-commerce environment. Design robust authentication and authorization mechanisms, including OAuth, OpenID Connect, JWT, and mutual TLS. Partner with DevSecOps teams to embed IAM best practices into CI/CD pipelines, automating identity governance and access controls. Define and enforce security policies for identity management across cloud platforms (AWS, Azure, or GCP). Requirement Qualifications and Skills Expertise in IAM & API Security: Proven experience designing IAM solutions for customer identity (CIAM), API security, and microservices authentication. Strong familiarity with common vulnerabilities and attack vectors across various industries
retail, ecom, fintech etc. Cloud-Native IAM: Hands-on experience with AWS IAM, Azure AD, GCP IAM, or third-party identity providers (Okta, Ping Identity, Auth0, etc.). Deep Protocol Knowledge: Strong understanding of OAuth 2.0, OpenID Connect, SAML, JWT, and federation architectures. Microservices & DevSecOps: Experience integrating IAM solutions with containerized workloads (Kubernetes, Docker) and securing service-to-service communication. Programming & Automation: Familiarity with Terraform, CloudFormation, or other IaC tools for IAM automation. Scripting experience (Python, Bash, etc.) is a plus. Security Certifications (Preferred): CISSP, CCSP, AWS Security Specialty, Azure Security Engineer, or equivalent. Strong Communication & Negotiation Skills: Ability to engage with architects, developers, and security teams to align on optimal IAM strategies. Who You Are
We are seeking a Senior Staff IAM Engineer with deep expertise in designing identity and access management (IAM) solutions for APIs, customers, and microservices-based cloud environments. In this role, you will be responsible for architecting secure and scalable identity solutions that integrate seamlessly into our e-commerce platform. Your ability to collaborate, negotiate, and drive optimal security solutions with cross-functional teamsincluding architecture, DevSecOps, and product engineeringwill be key to success. What You'll Do
As a key member of the Product Security organization, you will be designing and implementing cutting-edge security solutions at scale. Design and Engineer repeatable processes/solutions and implementation of new technologies and tools across the enterprise technology footprint. Help drive technical and operational maturity from a security standpoint across all of Gap channels. Bring an automation-first mindset to drive productivity across all operational tasks. Work with Architects and Engineers to maintain accurate and reliable documentation of our network policy and design. Develop and implement IAM solutions for APIs, customers, and microservices in a cloud-native e-commerce environment. Design robust authentication and authorization mechanisms, including OAuth, OpenID Connect, JWT, and mutual TLS. Partner with DevSecOps teams to embed IAM best practices into CI/CD pipelines, automating identity governance and access controls. Define and enforce security policies for identity management across cloud platforms (AWS, Azure, or GCP). Requirement Qualifications and Skills Expertise in IAM & API Security: Proven experience designing IAM solutions for customer identity (CIAM), API security, and microservices authentication. Strong familiarity with common vulnerabilities and attack vectors across various industries
retail, ecom, fintech etc. Cloud-Native IAM: Hands-on experience with AWS IAM, Azure AD, GCP IAM, or third-party identity providers (Okta, Ping Identity, Auth0, etc.). Deep Protocol Knowledge: Strong understanding of OAuth 2.0, OpenID Connect, SAML, JWT, and federation architectures. Microservices & DevSecOps: Experience integrating IAM solutions with containerized workloads (Kubernetes, Docker) and securing service-to-service communication. Programming & Automation: Familiarity with Terraform, CloudFormation, or other IaC tools for IAM automation. Scripting experience (Python, Bash, etc.) is a plus. Security Certifications (Preferred): CISSP, CCSP, AWS Security Specialty, Azure Security Engineer, or equivalent. Strong Communication & Negotiation Skills: Ability to engage with architects, developers, and security teams to align on optimal IAM strategies. Who You Are