Manager, DevSecOps Engineering

About Gap Inc.

At Gap Inc., we create culture as much as we create clothes. Our ambition is to become a high-performing house of iconic American brands that shape culture.

Our portfolio-Old Navy, Gap, Banana Republic, and Athleta-each brings a distinct point of view to how we show up in the world and serve our customers.

Old Navy democratizes style with quality and value for all. Gap champions originality through essential pieces that celebrate individuality. Banana Republic is rooted in a spirit of discovery, creating modern pieces inspired by craftsmanship and travel. Athleta champions the Power of She through confidence, strength, and movement.

We're driven by a shared purpose: to bridge gaps-between people, perspectives, and possibilities-to create a better world.

We're building a team that performs at a high level-people who think boldly, take ownership, and turn ideas into impact. If you're ready to learn fast and help shape what's next, you'll fit right in.

About the Role

In this role, you will lead the strategy, design, and delivery of security engineering solutions that protect the company's assets, infrastructure, and software supply chain. You will manage a team of security and Dev Ops engineers, driving a culture of security-first delivery across Cloud Security, CI/CD Pipeline Security, Product Security and Infrastructure Security. You will partner closely with Engineering, Product, and Leadership to set direction and ensure the business ships software with speed and confidence.

What You'll Do

* Lead the design, development, and implementation of information security solutions across Cloud Security, Infrastructure Security & Product Security.

* Own the security strategy for CI/CD pipelines, including automated testing, SAST/DAST scanning, dependency checks, and secrets detection - providing technical advisory and governance across hybrid, multi-cloud environments.

* Drive cloud security posture management, runtime protection, and code security through industry-leading cloud security and edge protection capabilities, ensuring continuous compliance and risk reduction.

* Define and enforce security policies, standards, and best practices that balance delivery speed with a strong security posture, in alignment with regulatory and legal requirements.

* Lead automation initiatives across cloud security processes, reducing manual effort and improving consistency at scale.

* Oversee API security standards and runtime protection across services and microservices architectures.

* Manage infrastructure security controls using infrastructure-as-code and container orchestration tooling, in line with container security best practices.

* Anticipate operational and program risks, developing preventative measures and driving rapid incident response across environments.

* Translate functional security requirements into technical roadmaps, guiding your team from strategy through to execution.

* Define, track, and communicate security metrics and key performance indicators - creating actionable insights from data to inform prioritization, demonstrate delivery effectiveness, and drive continuous improvement.

* Build strong cross-functional relationships with product and engineering squads, embedding security into development workflows and acting as a trusted security advisor at the leadership level.

Who You Are

* A proven leader with hands-on depth in Dev Sec Ops  or security engineering, and the ability to inspire, grow, and manage a high-performing team.

* Demonstrate deep knowledge of infrastructure security practices, concepts, and technologies, with proficiency across cloud security capabilities and modern security methodologies.

* Experience governing CI/CD pipelines and authoring configuration management and deployment tooling across modern CI/CD platforms.

* Strong scripting and development skills across languages such as Python, Bash, Go, or Java.

* Solid understanding of cloud security concepts including network segmentation and secrets management across major cloud providers.

* Experience anticipating operational risks and driving preventative measures across complex, fast-moving engineering environments.

* A confident communicator who can translate security priorities to developers, stakeholders, and executives alike.

* Familiarity with AI and machine learning capabilities as applied to Dev Sec Ops  and infrastructure management - including AI-assisted threat detection, anomaly detection, intelligent vulnerability triage, and the use of AI-powered tooling to enhance security automation and operational insight - is considered a strong advantage.

* Background in Computer Science, Information Security, or equivalent practical experience.

Benefits at Gap Inc.

* Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.

* One of the most competitive Paid Time Off plans in the industry.
* * Employees can take up to five "on the clock" hours…