IT Secruity Manager
盖璞(上海)商业有限公司(Gap China)
- 公司规模:500-1000人
- 公司性质:外资(欧美)
- 公司行业:服装/纺织/皮革
职位信息
- 发布日期:2016-12-06
- 工作地点:上海
- 招聘人数:1人
- 工作经验:8-9年经验
- 学历要求:本科
- 语言要求:英语 精通
- 职位类别:技术总监/经理
职位描述
职位描述:
Role Description:
Gap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.’s five renown brands – Gap, Banana Republic, Old Navy, Athleta and INTERMIX. We’re looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you’ll be exposed to hands-on learning opportunities across all facets of the Gap Inc. Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry. Ready to get started?
The Product Security Engineer reports to the Director of Product Security. In this role, the Engineer will work closely with technical peers across all of GapTech to ensure that all of our customer developed platforms and technologies protect all Gap Customer and Employee Data analyzed, captured, processed, and/or stored. The Engineer will also be key to enabling security self-sufficiency across our DevOps organization by helping establish local programs such as the Security Champions, Security University, and Application Security.
Key Duties
? Engages with the Business and DevOps partners using a consultative & partnering approach
? Establishes and maintains the local Security Champions program to enable business agility and improve the overall application security posture of GapTech products
? Engages with business partners on projects to assess for security risk and help deliver secure solutions via threat modeling, code review, penetration testing, and enforcing secure development lifecycle
? Assist with the implementation and execution of the application security program in collaboration with Business and DevOps partners
? Actively participates in the creation of the Security University curriculum for internal InfoSec employees and business partners
? Stays abreast of trends and advances in IT/security solutions and monitors changes in the operating environment that affect information security
? Presents security updates, recommendations, strategic opportunities to local leadership
? Develops relationships with local business leaders, challenging status quo on security matters
? Provides advice on a broad range of security items and strategies
Competencies
? Web application security experience including OWASP Top 10 vulnerabilities, browser security, javascript security, and rich web safety
? Deep understanding of web application attacks including SQLi, XSS, XXE, and other common security issues
? Creating and delivering usable introductory to advanced training to other engineers on security practices
? Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols
? Demonstrated programming ability in C, C++, Java, php, Javascript, python, perl, and other languages
? Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.
? Experience working in a risk based environment including mitigation, planning and implementation
? Operational flexibility in modifying business and operating practices to adapt to a changing environment
? Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures
? Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
? Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
? Proven success working across organizational and geographic boundaries
? Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001
Minimum Education Level
? Bachelor’s in Computer Science, Engineering or related technical field
Minimum Experience
? Minimum 5 years experience in an information-security related occupation
举报
分享
Role Description:
Gap Inc. Technology is the engine driving innovative retail, e-commerce, and global enterprise technology for Gap Inc.’s five renown brands – Gap, Banana Republic, Old Navy, Athleta and INTERMIX. We’re looking for exceptional talent with fresh ideas, cutting-edge skills, and a passion for retail technology. As part of our team, you’ll be exposed to hands-on learning opportunities across all facets of the Gap Inc. Technology organization, working on high-profile, big-impact projects alongside the best technologists and leaders in the industry. Ready to get started?
The Product Security Engineer reports to the Director of Product Security. In this role, the Engineer will work closely with technical peers across all of GapTech to ensure that all of our customer developed platforms and technologies protect all Gap Customer and Employee Data analyzed, captured, processed, and/or stored. The Engineer will also be key to enabling security self-sufficiency across our DevOps organization by helping establish local programs such as the Security Champions, Security University, and Application Security.
Key Duties
? Engages with the Business and DevOps partners using a consultative & partnering approach
? Establishes and maintains the local Security Champions program to enable business agility and improve the overall application security posture of GapTech products
? Engages with business partners on projects to assess for security risk and help deliver secure solutions via threat modeling, code review, penetration testing, and enforcing secure development lifecycle
? Assist with the implementation and execution of the application security program in collaboration with Business and DevOps partners
? Actively participates in the creation of the Security University curriculum for internal InfoSec employees and business partners
? Stays abreast of trends and advances in IT/security solutions and monitors changes in the operating environment that affect information security
? Presents security updates, recommendations, strategic opportunities to local leadership
? Develops relationships with local business leaders, challenging status quo on security matters
? Provides advice on a broad range of security items and strategies
Competencies
? Web application security experience including OWASP Top 10 vulnerabilities, browser security, javascript security, and rich web safety
? Deep understanding of web application attacks including SQLi, XSS, XXE, and other common security issues
? Creating and delivering usable introductory to advanced training to other engineers on security practices
? Significant knowledge of TCP/IP, cryptographic protocols and algorithms, operating system internals and operations, and application level protocols
? Demonstrated programming ability in C, C++, Java, php, Javascript, python, perl, and other languages
? Ability to configure, operate, and understand the regular workings of the following: Apache, PHP, SSH, UNIX hosts, TLS, etc.
? Experience working in a risk based environment including mitigation, planning and implementation
? Operational flexibility in modifying business and operating practices to adapt to a changing environment
? Demonstrated ability to innovate and operate outside the comfort zone of established methods and procedures
? Demonstrated ability to gain immediate credibility at all levels both inside and outside the organization and develop lasting, productive and collaborative relationships
? Excellent communication and influencing skills including the ability to simplify key messages, present compelling stories and promote technical and personal credibility with internal and external executives, and both technical and non-technical audiences
? Proven success working across organizational and geographic boundaries
? Preferred Certifications - CISSP, CISA, CISM, CRISC, CGEIT, ISO27001
Minimum Education Level
? Bachelor’s in Computer Science, Engineering or related technical field
Minimum Experience
? Minimum 5 years experience in an information-security related occupation
职能类别: 技术总监/经理
公司介绍
GAP为各年龄层消费者带来经典的美国风尚。
从1969年创立以来,GAP一直广受时尚消费者青睐,人们喜欢用GAP时髦又休闲的服饰轻松搭配,穿出自己的时尚风格。今天,GAP依然是人们选购T恤、帽衫、贴身裤装和牛仔等衣橱必备的首选品牌。
从最初的Gap发展到现在包括GapKids, babyGap, GapMaternity和gapbody的全系列产品,GAP能满足各年龄层消费者的时尚需求。
发展至今,GAP已成为以“酷、自信、休闲”风格的服饰演绎生活方式的文化标志。
从1969年创立以来,GAP一直广受时尚消费者青睐,人们喜欢用GAP时髦又休闲的服饰轻松搭配,穿出自己的时尚风格。今天,GAP依然是人们选购T恤、帽衫、贴身裤装和牛仔等衣橱必备的首选品牌。
从最初的Gap发展到现在包括GapKids, babyGap, GapMaternity和gapbody的全系列产品,GAP能满足各年龄层消费者的时尚需求。
发展至今,GAP已成为以“酷、自信、休闲”风格的服饰演绎生活方式的文化标志。
联系方式
- 公司地址:上城区延安路278号
- 电话:13621652304