Security Internship

1. You are here:
2. Handbook
3. Security at GitLab
4. Security Internship

On this page

• Overview
• OKRs for the Internship
  • Functional Area KRs
• Roles
• Responsibilities
  • Manager Responsibilities
  • Mentor Responsibilities
  • Intern Responsibilities

Overview

The Security internship is the result of The Engineering Internship Pilot Program that started at the end of 2019. The ultimate goal of this program is to transform an entry-level candidate into an Individual Contributor who could meet the requirements for a Security Engineer.

OKRs for the Internship

Objective: Provide Exposure to Different Functional Areas of Security

• Key Result: Intern completes at least one week with each functional team in security.
• Key Result: Intern completes at least one key result in each funtional area. (Outlined Below)

Objective: Contribute to security of GitLab the product or GitLab the company

• Key Result: Intern completes a technical project that enchances the security of the GitLab product, or the security posture of the company.

Objective: Effective Communication of Security Ideas

• Key Result: Intern publishes a blog post on their internship experience or a security-related project on which they worked.

Objective: Expand the Intern's Network

• Key Result: Intern completes 10 coffee chats with GitLab Team Members outside of the Internship Program

Functional Area KRs

Area:Application Security & Security Research - Weeks of May 18th & 25th

• Key Result: Intern participates in the triage of 5 Hackerone reports
• Key Result: Intern participates in the response to 5 appsec pings

Area:Security Operations - Weeks of June 1st and 8th

• Key Result: Intern participates in the creation of 5 detection rules
• Key Result: Intern shadows 1 on-call or other security incident

Area:Trust & Safetys - Week of June 15th

• Key Result: Improve the detection of potential CI Abuse

Area:Security Assurance - Week of June 22nd

• Key Result: Complete a testing worksheet for 1 GCF control against 1 system/profile
• Key Result: Shadow on 1 sales call

Area:Security Automation - Week of June 29th

• Key Result: TBD

Area:Red Team - Week of July 6th

• Key Result: Determine the best approach to implement machine learning into GitRob's secret scanning.
• Key Result: Build PoC to demonstrate capabilities.

Roles

• Security Manager - Manager
• Senior Security Engineer(s) - Mentor(s)
• Security Intern

Responsibilities

Manager Responsibilities

Prior to the Start of the Internship:

• Engineering Manager and Mentor Internship Kick Off Meeting

During the first week:

• Schedule Weekly Meeting (no need to record these meetings)
• Walk through various team processes
• Work with intern to define their growth goals
• Create a rotation of functional teams and coordinate with team managers

Daily:

• Review / Respond to the Intern Daily Check In
• Serve as resource to the Intern for answering technical questions

Weekly

• Weekly 1-1:
  • Agenda:
    • Discuss Outstanding Questions
    • Review Status of current rotation
    • Review Status of growth goals and OKRs
• Ensure that intern has pair work time scheduled for each week

As needed:

• Create a backlog of small issues and assign to the Mentor, Engineering Manager and the Intern
• Identify best topics to pair work with the intern

Mentor Responsibilities

The Intern will have a Primary Mentor, however as the intern rotates throughout the teams, a engineer for each time should be designated as the mentor for that rotation.

Prior to the Start of the Internship:

• Engineering Manager and Mentor Internship Kick Off Meeting

Daily:

• Serve as resource to the Intern for answering technical questions

During the first week:

• Schedule Weekly Meeting (no need to record these)
• Walk through the security team processes with the intern

Weekly

• Participate in at least one pair work session
• Weekly 1-1:
  • Agenda:
    • Discuss Outstanding Questions
    • Review Status of current rotation
    • Review Status of current project

As needed:

• Identify best topics to pair worik with the intern.

Intern Responsibilities

During the first week:

• Follow the Internship Day to Day Activities
• Become familiar with the security section of the handbook
• Work with the manager to define goals for the internship

Weekly:

• Pre Populate the 1:1 agenda prior to the meeting
• Prioritize your work for the week and add to Google Calendar
• Participate in team meetings and activities
• Attend Coffee Chats with various GitLab Team Members

Daily:

• Perform a Daily Check In through Slack to the Editor_Intern_Slack private channel
  • What did you do yesterday?
  • What do you plan to do today?
  • Is anything blocking your work?
• Complete pair work sessions and assigned tasks in team rotations