About Gap Inc.
Our brands bridge the gaps we see in the world. Old Navy democratizes style to ensure everyone has access to quality fashion at every price point. Athleta unleashes the potential of every woman, regardless of body size, age or ethnicity. Banana Republic believes in sustainable luxury for all. And Gap inspires the world to bring individuality to modern, responsibly made essentials.
This simple idea—that we all deserve to belong, and on our own terms—is core to who we are as a company and how we make decisions. Our team is made up of thousands of people across the globe who take risks, think big, and do good for our customers, communities, and the planet. Ready to learn fast, create with audacity and lead boldly? Join our team.
About the Role
The SSO Staff Engineer will be joining the Identity and Access Management group and will design, develop, implement, support and build adoption for the Access Management program. This position provides a great opportunity for the engineer to be part of a team of experienced engineers in a fast paced, dynamic environment and hone their skills in one of the hottest areas within Information Security.
This is a fully remote opportunity.
What You'll Do
- Understand Gap, Inc. authentication and federation technology landscape
- Lead, design and develop robust and innovative architectural end to end Gap, Inc. user Access Management solutions for seamless and secure access.
- Design Access Management solutions for ongoing business requirements and be hands-on to drive the implementation process.
- Work closely with cross functional teams, Application owners, Product managers to drive SSO-enablement of applications
- Deliver SSO Federation (SAML/OAuth/OpenID-Connect) solutions for internal applications and externally-hosted SaaS applications
- Work with vendors and third parties to evaluate new products, features and solutions
- Work with App teams to assist with delivery of fine-grained authorizations and able to perform application design and write high-level design and solution documentsunbooks as needed.
- Lead meetings with internal stakeholders across IT and the business
- Able to collaborate with external vendors and internal support teams in problem solving for expedited/escalated troubleshooting.
- Work closely with IAM, Network, Data Protection and Product Security team members to ensure the best solution is delivered in a timely manner
- Develop and maintain SSO artifacts (strategy, decisions, solution design, etc.)
- Continuously assess current environment and make necessary improvements to align with future state architecture.
Who You Are
- 10+ years of experience in Information technology, with 8+ years focused on security and IAM
- Lead conversations about trends and emerging changes to the security landscape.
- Knowledgeable on key IAM concepts like (Identity Lifecycle, Roles, SOD, workflow development, birthright access, privilege access etc.)
- Proven experience in designing and integrating applications using OIDC, SAML, FIDO (WebAuthN), LDAP, PKI, Microsoft AD
- Experience with Ping Identity suite of products but not limited to Ping Federate, Ping Access, Ping Directory, Ping Data Proxy, PingOne, Ping ID, Ping Risk, is a huge plus.
- Working knowledge of Privileged Access Management solutions like Thycotic, Hashicorp, CyberArk or similar.
- Working experience with complex, large scale and multi-site hybrid environments
- Hands-on Experience with application container technologies, deployment, and orchestration (Docker, Kubernetes, Helm)
- In-depth knowledge of IP, SSL, TLS, Public key infrastructure, Cryptographic services
- Extensive hands-on experiences in application and API development using Java, .NET or similar
- Experience of developing applications using RESTful APIs, Databases (Oracle, MSSQL, MySQL), with DevOps tooling, such as - Maven, Jenkins, GIT, Confluence, JIRA
- Good scripting experience in your language of choice (Python, Bash, PowerShell, etc.)
- Good understanding of distributed runtime systems like (istio, envoy) and managing authentication and authorization across a microservices architecture.
- Experience with IaaS and PaaS deployments, connectivity, network security, virtualization, and compute on Azure and Oracle Cloud Infrastructure.
- Knowledge of attack vectors (malware, web application, social engineering, etc.) and attack surfaces (ports, firewalls, incoming data processing, interfaces, etc.)
- Experience with Agile delivery and Scrum
- Ability to operate independently to provide domain area functional and technology expertise
- Familiarity with Application Performance Monitoring (APM)
- Familiarity with compliance and industry security frameworks like (OWASP, NIST Cyber Security, PCI DSS, SOX. etc.).
Benefits at Gap Inc.
- Merchandise discount for our brands: 50% off regular-priced merchandise at Old Navy, Gap, Banana Republic and Athleta, and 30% off at Outlet for all employees.
- One of the most competitive Paid Time Off plans in the industry.*
- Employees can take up to five “on the clock” hours each month to volunteer at a charity of their choice.*
- Extensive 401(k) plan with company matching for contributions up to four percent of an employee’s base pay.*
- Employee stock purchase plan.*
- Medical, dental, vision and life insurance.*
See more of the benefits we offer.
*For eligible employees
Gap Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status. We have received numerous awards for our long-held commitment to equality and will continue to foster a diverse and inclusive environment of belonging. This year, we've been named as one of the Best Places to Work by the Humans Rights Campaign for the fourteenth consecutive year and have been included in the 2019 Bloomberg Gender-Equality Index for the second year in a row.