The Security Assurance department is continuously growing both in terms of personnel and breadth of the program. As we continue to scale, self-operating automated processes will become a critical catalyst to driving mission success.
Security Assurance Automation Engineers are a critical dedicated resource that enables the Security Assurance department through the development, implementation, and maintenance of automated processes and controls.
Security Governance maintains an internal Security Assurance Automation project that is dedicated to the intake of Security Assurance related automation requests. As these requests are received, Security Assurance Automation Engineers triage and prioritize the requests. Once requests have been prioritized, an Epic is opened at the GitLab Security Department sub-group level. All work related to the automation request is tracked in its associated Epic.
This process allows all automation engineers across the Security Division to maintain visibility of all in-flight automation work. The use of Epics and the increased visibility also streamline the process of requesting resources from our Security Automation team if necessary.
Security Assurance Automation Engineers will respond to new requests within 1 business day.
Once a Security Assurance related automation request is prioritized, Security Assurance Automation Engineers meet with the appropriate stakeholders to identify requirements and expectations. This information-gathering process is critical to supporting development and ensuring the final output meets or exceeds initial expectations.
The Security Assurance Automation team is continuously engineering new automated solutions to manual processes. Below are a few projects that the team maintains.
The Feedback Bot - A bot that enables team members to send private feedback to other team members through Slack.
The Escalation engine - An engine that allows users to take automated actions on issues based on a predetermined set of criteria. The engine runs in a scheduled CI pipeline.
Sisense Dashboarding - Custom dashboards using our analytic tool that integrates with data sources across GitLab.
Insight Dashboarding - Custom issue analytic dashboards native to GitLab.
Routine and break-fix maintenance of automated controls and processes is performed by Security Assurance Automation Engineers for automation related to the department. Proactive requests for maintenance can be submitted through the Security Assurance Automation project.
Conversion of manual compliance control monitoring and evidence gathering processes to partially or fully automated processes. This will save time and reduce the opportunity for human error or oversight as our control framework expands.