This position is remote based.
Security Engineers at GitLab work on securing our product and on internal security. On the product side, this includes the open source version of GitLab, the enterprise editions, and the GitLab.com service. Security Engineers work with peers on cross-functional teams dedicated to areas of the product. They also work together with product managers, developers, and the infrastructure teams to solve common goals.
The Security Application role focuses on working with functional groups across GitLab to assess the security architecture of new products and capabilities. Examples include executing and maintaining a security review program, and working with development teams to define and evangelize security best practices.
The Security Team is responsible for leading and implementing the various initiatives that relate to improving GitLab's security.
- Own vulnerability management and mitigation approaches
- Conduct threat modeling tied to security services
- Conduct application security reviews
- Implement secure architecture design
- Provide security training and outreach to internal development teams
- Develop security guidance documentation
- Assist with recruiting activities and administrative work
- Define, implement, and monitor security measures to protect GitLab.com and company assets
- Familiarity with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
- Some development experience (Ruby and Ruby on Rails preferred; for GitLab debugging)
- Experience with OWASP, static/dynamic analysis, and common exploit tools and methods
- Experience with Google Cloud and GCP-related services
- Experience with Go and Automation are pluses
- Comfortable with using Git
- Excellent written and verbal communication skills
- Demonstrable teamwork skills and resourcefulness
- Passion for open source
- Linux experience (e.g. Ubuntu)
- Please view the compensation range for this role at the bottom of the position description.