Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Red Team

As members of GitLab's Security Operations sub department, the Red Team emulates real world adversary activities in order to better our enterprise and product security. This team requires thinking like an attacker while understanding the various levels of defensive technologies and their effectiveness. Creativity is key. Our Red Team develops in depth attack plans that focus on compromising GitLab, test existing defenses or assist in building new defenses based on real world attack data. The Red Team does not do penetration testing or vulnerability assessments, we conduct real world attack operations against live targets. To sum it up – you need to be someone that is a true hacker at heart while understanding the various defensive techniques that make your job harder.

Responsibilities

  • Understanding of GitLab’s products and how they work
  • Utilize Threat Modeling methodologies to identify threats and shape Red Team operations
  • Understanding of Mitre’s ATT&CK Framework
  • Focus on designing, researching, and executing real world attacks on GitLab infrastructure and products
  • Incorporate current security trends, advisories, publications, and academic research
  • Report on the Red Team engagements providing an in-depth analysis of the security issues identified
  • Collaborate with defensive and infrastructure teams to improve defenses
  • Identify complex security vulnerabilities and build exploits
  • Publish blog posts and present talks at security conferences
  • Contribute to GitLab products by testing and proposing new features

Requirements

  • Ability to use GitLab
  • Experience with designing and implement processes and tools to identify gaps in GitLab's security posture
  • Technical knowledge of systems in a multi-tenant, cloud environment
  • Proficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical details.

Levels

Red Team Engineer (Intermediate)

This position reports to the Manager, Red Team.

Red Team Engineer (Intermediate) Job Grade

The Red Team Engineer is a grade 6.

Red Team Engineer (Intermediate) Responsibilities

  • Participate in threat modeling sessions on various aspects of our infrastructure and products
  • Participate in performing Red Team Operations
  • Contribute to Red Team open source projects and internal tooling efforts
  • Publish Red Team Tech Notes outlining attack techniques and other technical concepts

Red Team Engineer (Intermediate) Requirements

  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent and 3+ years of professional experience in cyber security or related field
  • Proven technical task management experience
  • Experience working remotely on a widely distributed team
  • Can convey technical information in writing at an intermediate level
  • Intermediate knowledge of exploit techniques, and common TTPs
  • Intermediate knowledge of one or more programming or scripting languages

Senior Red Team Engineer

This position reports to the Manager, Red Team.

Senior Red Team Engineer Job Grade

The Senior Red Team Engineer is a grade 7.

Senior Red Team Engineer Responsibilities

  • Extends Red Team Engineer responsibilities, plus;
  • Lead both solo and group Red Team Operations
  • Submit talk abstracts to top tier Information Security conferences
  • Help identify new Red Team Operations
  • Perform "read outs" of completed Red Team Operations
  • Collaborate closely with defensive and infrastructure teams

Senior Red Team Engineer Requirements

  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent and 5+ years of professional experience in cyber security or related field
  • Proven technical task management experience
  • Experience working remotely on a widely distributed team
  • Can convey technical information in writing at a senior level
  • Intermediate knowledge of exploit techniques, and common TTPs
  • Intermediate knowledge of one or more programming or scripting languages

Staff Red Team Engineer

This position reports to the Manager, Red Team.

Staff Red Team Engineer Job Grade

The Staff Red Team Engineer is a grade 8.

Staff Red Team Engineer Responsibilities

  • Extends Senior Red Team Engineer responsibilities, plus;
  • Lead threat modeling sessions on various aspects of our infrastructure and products
  • Identify new Red Team open source project opportunities and internal tooling needs
  • Identify areas of Red Team process improvement
  • Identify new Red Team Operations, document an attack plan and execute
  • Collaborate closely with defensive and infrastructure teams
  • Show thought leadership both internally at GitLab and externally with the general community

Staff Red Team Engineer Requirements

  • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent and 8+ years of professional experience in cyber security or related field
  • Proven technical task management experience
  • Experience working remotely on a widely distributed team
  • Can convey technical information in writing at an expert level
  • Profound knowledge of exploit techniques, and common TTPs
  • Senior knowledge of one or more programming or scripting languages

Manager, Red Team

This position reports to the Senior Manager, Red Team .

Manager, Red Team Job Grade

The Red Team Manager is a grade 8.

Manager, Red Team Responsibilities

  • Hire a world class team of security engineers to work on their team
  • Help their team grow their skills and experience
  • Provide input on security architecture, issues, and features
  • Hold regular 1:1's with all members of their team
  • Create a sense of psychological safety on their team
  • Be your team's role model in terms of positive thinking, de-escalating conflict, and taking time off
  • Identify the need to, and drive the implementation of security-related technical and process improvements
  • Author project plans for security initiatives
  • Draft and succesfully deliver quarterly OKRs
  • Train team members to screen candidates and conduct managerial interviews
  • Draft and deliver operation reports and hold retrospectives
  • Build a substantial, collaborative partnership with Legal, Infrastructure, Alliances, and Product teams
  • Draft and present findings from Red Team operations to relevant stakeholders and business owners

Manager, Red Team Requirements

  • Proven track record as a member of offensive security, security research, or similar teams
  • Experience with leading security teams
  • Experience with working at a SaaS, or product company
  • Willingness to be part of the Security Manager on-call rotation
  • Robust sense of ownership, urgency, and drive
  • Excellent written and verbal communication skills, especially experience with executive-level communications
  • Capability to make sound decisions in the face of ambiguity and imperfect knowledge
  • Willingness to be part of the Security Manager On-Call rotation
  • First hand experience with major cloud providers - GCP, AWS, Azure, Digital Ocean
  • Share our values, and work in accordance with those values
  • Alignment with Manager responsibilities as outlined in Leadership at GitLab

Senior Manager, Red Team

This role extends the Security Incident Response Team Manager role by adding vision and strategy. It consolidates all SIRT teams' efforts and drives them towards a set of strategic goals. The Senior Manager, Red Team reports to the Director of Security Operations.

Senior Manager, Red Team Job Grade

The Security Incident Response Team Senior Manager is a 9.

Senior Manager, Red Team Responsibilities

  • Extends Manager, Red Team responsibilities, plus;
  • Provide tactical oversight of the teams' daily efforts
  • Maintain vision for the teams' immediate and near-term future
  • Develop and maintain teams' KPIs
  • Be your teams' role model in terms of positive thinking, de-escalating conflict, and taking time off
  • Help teams prioritise efforts and ensure they align with the overall direction of the company
  • Draft and successfully deliver on quarterly OKRs
  • Train team members to screen candidates and conduct managerial interviews
  • Build a substantial, collaborative partnership with peers from Legal, Infrastructure, Alliances, and Product departments
  • Take the role of an Incident Manager during larger security events not necessarily related to Red Team efforts
  • Take part in the Security Escalation On-Call rotation

Senior Manager, Red Team Requirements

  • Experience with leading people managers
  • Experience with leading Security or security-focused Site Reliability teams
  • Experience with working at a SaaS, or product company
  • Excellent written and verbal communication skills, especially experience with executive-level communications
  • Capability to make concrete progress in the face of ambiguity and imperfect knowledge
  • Being comfortable with rapid context switching
  • Willingness to be part of the Security Escalation On-Call rotation
  • Robust understanding of security issues, mitigations, and a solid grasp of the current global threat landscape
  • Experience with the role of an incident manager during large scale security events
  • Familiarity with major cloud providers - GCP, AWS, Azure, Digital Ocean
  • You share our values, and work in accordance with those values
  • Alignment with Manager responsibilities as outlined in Leadership at GitLab

Performance Indicators

Career Ladder

graph LR; sec:se(Red Team Engineer)-->sec:sse(Senior Red Team Engineer); sec:sse(Senior Red Team Engineer)-->sec:stse(Staff Red Team Engineer); sec:stse(Staff Red Team Engineer)-->sec:dse(Distinguished Red Team Engineer); sec:sse(Senior Red Team Engineer)-->sec:sem(Red Team Manager); sec:sem(Red Team Manager)-->sec:sesm(Red Team Senior Manager); sec:sesm(Red Team Senior Manager)-->sec:ds(Director of Security Operations);

For details on the Security organization leadership roles, to include the Security Operations Director and VP of Security, see the Security Leadership page.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule an interview with Red Team Manager
  • Candidates will then be invited to schedule an interview with Senior Red Team Engineer, Security Incident Response Team Manager, Trust & Safety Manager
  • Candidates will then be invited to schedule an interview with Director of Security Operations
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 reasons to work for GitLab:

  1. Work with helpful, kind, motivated, and talented people.
  2. Work remote so you have no commute and are free to travel and move.
  3. Have flexible work hours so you are there for other people and free to plan the day how you like.
  4. Everyone works remote, but you don't feel remote. We don't have a head office, so you're not in a satellite office.
  5. Work on open source software so you can interact with a large community and can show your work.
  6. Work on a product you use every day: we drink our own wine.
  7. Work on a product used by lots of people that care about what you do.
  8. As a company we contribute more than we take, most of our work is released as the open source GitLab CE.
  9. Focused on results, not on long hours, so that you can have a life and don't burn out.
  10. Open internal processes: know what you're getting in to and be assured we're thoughtful and effective.

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license