ABOUT THE ROLE
GapTech Information Security is the global information security function for Gap Inc., inclusive of, and across, all Gap Inc. brands. The Security Manager (Penetration Testing) is a member of the Product Security team within GapTech Information Security and reports to the Staff Engineer, Product Security. In this role, you will be responsible for driving a PenTest program to holistically test Gap Inc.'s systems and applications, including the e-commerce website and store systems, for vulnerabilities and to demonstrate the impact to the business through exploitation. You will influence strategic direction, develop tactical plans, and complete complex assignments with substantial latitude for actions or decisions. You will maintain extensive contact with internal stakeholders and industry peers to identify, research, analyze, and provide resolution to complex vulnerability issues. This person will work with a multi-national team of penetration testing engineers.
WHAT YOU'LL DO
- Own and drive the penetration testing program for the Gap Inc. brands.
- Manage a team that performs Penetration Testing for Web Applications, Infrastructure, Network, Cloud Technologies and Mobile applications.
- Assist in PCI audit Penetration Testing for all Gap Inc. brands and markets; lead bug bounty program strategy, manage public bug bounty projects, and own internal ticketing assignment and remediation reporting.
- Drive actionable metrics and reporting for operations and leadership transparency.
- Oversee the end-to-end report lifecycle from triage to resolution, including managing triage and escalation for inbound reports, managing state transitions, and tracking internal remediation tickets.
- Foster ownership, inclusiveness, accountability, pragmatism, a supportive work culture, and urgency in the team.
- Partner with product managers and software engineers within and outside of InfoSec to reduce vulnerabilities and improve code quality in the organization.
WHO YOU ARE
- 2+ years of experience managing a PenTest team of security engineering professionals for a globally distributed organization.
- 5+ years of experience in penetration testing, offensive security, and red teaming, with both manual and automated penetration testing against internal and external-facing corporate infrastructures.
- Ability to prioritize and manage across multiple, often time-sensitive initiatives.
- Familiar with industry-standard security best practices and multiple techniques for penetration testing.
- High-level understanding of security architecture from both a penetration testing and a design point of view.
- Exceptional organizational, communication, and leadership skills.
- Self-directed, works with minimal guidance, and recognizes when guidance is needed and asks for it.
- Effective written and verbal communication skills. Ability to tailor communication to different levels of stakeholders based on the technical affinity of the audience.