About the RoleWe are seeking a Senior Staff IAM Engineer with deep expertise in designing identity and access management (IAM) solutions for APIs, customers, and microservices-based cloud environments. In this role, you will be responsible for architecting secure and scalable identity solutions that integrate seamlessly into our e-commerce platform. Your ability to collaborate, negotiate, and drive optimal security solutions with cross-functional teams—including architecture, DevSecOps, and product engineering—will be key to success.What You'll Do

What you’ll do

As a key member of the Product Security organization, you will be designing and implementing cutting-edge security solutions at scale.Design and Engineer repeatable processes/solutions and implementation of new technologies and tools across the enterprise technology footprint.  Help drive technical and operational maturity from a security standpoint across all of Gap channels.Bring an automation-first mindset to drive productivity across all operational tasks.Work with Architects and Engineers to maintain accurate and reliable documentation of our network policy and design.  IAM Architecture & Design: Develop and implement IAM solutions for APIs, customers, and microservices in a cloud-native e-commerce environment.API Security: Design robust authentication and authorization mechanisms, including OAuth, OpenID Connect, JWT, and mutual TLS.DevSecOps Integration: Partner with DevSecOps teams to embed IAM best practices into CI/CD pipelines, automating identity governance and access controls.Cloud Security & IAM Governance: Define and enforce security policies for identity management across cloud platforms (AWS, Azure, or GCP).

Requirement Qualifications and Skills

Expertise in IAM & API Security: Proven experience designing IAM solutions for customer identity (CIAM), API security, and microservices authentication. Strong familiarity with common vulnerabilities and attack vectors across various industries – retail, ecom, fintech etc.Cloud-Native IAM: Hands-on experience with AWS IAM, Azure AD, GCP IAM, or third-party identity providers (Okta, Ping Identity, Auth0, etc.).Deep Protocol Knowledge: Strong understanding of OAuth 2.0, OpenID Connect, SAML, JWT, and federation architectures.Microservices & DevSecOps: Experience integrating IAM solutions with containerized workloads (Kubernetes, Docker) and securing service-to-service communication.Programming & Automation: Familiarity with Terraform, CloudFormation, or other IaC tools for IAM automation. Scripting experience (Python, Bash, etc.) is a plus.Security Certifications (Preferred): CISSP, CCSP, AWS Security Specialty, Azure Security Engineer, or equivalent.Strong Communication & Negotiation Skills: Ability to engage with architects, developers, and security teams to align on optimal IAM strategies.Who You Are