
Security Leadership

Security Leadership Roles at GitLab

Leaders in the security department at GitLab see the team as their product. While they are technically credible and know the details of what security engineers and analysts work on, their time is spent hiring a world-class team and putting them in the best position to succeed. They own the delivery of security commitments and are always looking to improve productivity. They must also coordinate across departments to accomplish collaborative goals. Security leaders have:

  • Command Skills - Relishes leading; takes unpopular stands if necessary; encourages direct and tough debate but isn’t afraid to end and move on; is looked to for guidance in a crisis; faces adversity head on; energized by tough challenges.
  • Conflict Management - Steps up to conflicts, seeing them as opportunities; reads situations quickly; good at focused listening; can hammer out tough agreements and settle disputes equitably; can find common ground and get cooperation with minimum noise.
  • Perspective - Looks toward the broadest possible view of an issue/challenge; has broad-ranging personal and business interests and pursuits; can easily pose future scenarios; can think globally; can discuss multiple aspects and impacts of issues and project them into the future.
  • Presentation Skills - Is effective in a variety of formal presentation settings: one-on-one, small and large groups, with peers, reports, and bosses; is effective both inside and outside the organization, on both cool data and hot and controversial topics; commands attention and can manage group processes during the presentation; can change tactics midstream when something isn’t working.
  • Priority Setting - Spends his/her time and the time of others on what’s important; quickly zeros in on the critical few and puts the trivial many aside; can quickly sense what will help or hinder accomplishing a goal; eliminates roadblocks; creates focus.
  • Process Management - Good at figuring out the processes necessary to get things done; knows how to organize people and activities; understands how to separate and combine tasks into efficient work flow; knows what to measure and how to measure it; can see opportunities for synergy and integration where others can’t; can simplify complex processes; gets more out of fewer resources.
  • Strategic Agility - Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.
  • Building Effective Teams - Blends people into teams when needed; creates morale and spirit in their team; shares wins and successes; fosters open dialogue; lets people finish and be responsible for their work; defines success in terms of the whole team; creates a feeling of belonging in the team.
  • Managing Vision and Purpose - Communicates a compelling and inspired vision or sense of core purpose; talks beyond today; talks about possibilities; is optimistic; creates mileposts and symbols to rally support behind the vision; makes the vision shareable by everyone; can inspire and motivate entire units or organizations.

Responsibilities

  • Own a Sub-department of the GitLab Security Department
  • Run multiple teams within their Sub-department.
  • Hire a world class team of managers and security engineers to work on their teams
  • Assess and mitigate constantly changing threats
  • Help managers and team members grow their skills and experience
  • Manage multiple teams and projects
  • Hold weekly 1:1s with their reports
  • Hold monthly skip-level 1:1s with all members of their team
  • Create a sense of psychological safety in their Sub-department
  • Drive technical and process improvements
  • Drive quarterly OKRs
  • Represent the company publicly at conferences

Requirements

  • Ability to use GitLab
  • Exceptional communication skills, including verbal, written, and presentation skills, to a variety of stakeholders
  • You share our values, and work in accordance with those values
  • Leadership at GitLab

Levels

Senior Manager, Security

The Senior Manager, Security role is defined for each Security Team individually. However, a Senior Security Manager may be appointed at the sub-department level.

Senior Manager, Security Job Grade

The Senior Security Manager is a grade 9.

Senior Manager, Security Responsibilities

  • Effectively grow and develop sub-department Security managers and team members
  • Guide, coach and mentor sub-department Security managers
  • Review and assess sub-department team strategies, objectives and initiatives
  • May also manage a Security team
  • Manage company and Security department initiatives at the sub-department level
  • Responsible for overflow Director responsibilities
  • Ensure alignment across sub-department teams with Security department and Engineering organization objectives
  • Generate and implement process improvements, especially cross-team processes
  • Hold regular 1:1s with team managers and skip-level 1:1s with all members of their team
  • Assist in building morale, support and alignment within their sub-department
  • Work cross-functionally (both within and outside of Security) to promote and gain prioritization of sub-department needs

Senior Manager, Security Requirements

  • Technical credibility: Significant experience in multiple domains of sub-department
  • Management credibility: relevant, progressive experience in Security management
  • Ability to understand, communicate and improve the quality of multiple teams
  • Demonstrate longevity at at least one recent job
  • Ability to be successful managing at a remote-only company
  • Humble, servant leader

Hiring Process

Candidates for the senior manager positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 45-60 minute interview with the Director of Security to whom the position reports
  • Candidates will then be invited to schedule 3 separate 45-60 minute interviews with additional directors and managers within the Security Organization
  • Candidates will then be invited to schedule an interview with the VP of Security
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Director, Security Assurance

This position reports to the VP of Security.

Director, Security Assurance Job Grade

The Director, Security Assurance is a grade 10.

Director, Security Assurance Responsibilities

  • Recruit, manage, motivate and develop high performing teams
  • Partner with the VP of Security in planning and development of enterprise information security strategy and best practices
  • Drive strategy for the Security Assurance organization, aligned with broader GitLab business initiatives, with a specific focus on expansion of the security certification portfolio
  • Consult with senior leaders regarding their information security risks and responsibilities in minimizing those risks
  • Drive operational efficiencies through process improvement and implementation of technical solutions
  • Manage a risk-based prioritization model for reviewing new project and work efforts
  • Participate in key customer calls, contract reviews and/or assessments providing leadership assurance on GitLab security
  • Act as an advocate for information security practices

Director, Security Assurance Requirements

  • Proven ability to successfully recruit, manage, motivate and develop high performing teams
  • Relevant, progressive experience managing information security teams
  • Proficient experience with industry standard security and risk frameworks/standards/laws/regulations: NIST 800-53, NIST CSF, HITRUST, PCI, FedRAMP, ISO27002, ISO 31000, etc.

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 45-60 minute interview with VP of Security
  • Candidates will then be invited to schedule 3 separate 45-60 minute interviews with peer directors and reporting managers of the Security Organization
  • Candidates may be requested to meet again with the VP of Security for a shortened conversation
  • Candidates will then be invited to schedule an interview with CTO of Engineering
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Director, Security Engineering & Research

This position reports to the VP of Security.

Director, Security Engineering & Research Job Grade

The Director, Application Security is a grade 10.

Director, Security Engineering & Research Responsibilities

  • Recruit, manage, motivate and develop high performing teams
  • Partner with the VP of Security in planning and development of enterprise information security strategy and best practices
  • Drive strategy for the Security Engineering & Research organization, aligned with broader GitLab business initiatives, with a specific focus on application security, security research, security automation, and external security communications.
  • Consult with senior leaders regarding their information security risks and drive mitigation efforts to reduce risk
  • Drive operational efficiencies through process improvement and implementation of technical solutions
  • Drive efforts to improve security awareness in the areas of application security and the secure development of code through education and training
  • Champion technical efforts to obtain and maintain compliance with customer, regulatory, and security compliance framework requirements
  • Secure the product and the company with innovative and industry leading technical security controls and practices
  • Partner with the VP of Security to build and maintain the most transparent security program in the world
  • Act as an advocate for information security practices

Director, Security Engineering & Research Requirements

  • Proven ability to successfully recruit, manage, motivate and develop high performing teams
  • Relevant, progressive experience managing information security teams
  • Proficient experience with security technologies and engineering domains such as application security, cloud security, infrastructure security, containerized application architectures, and security automation

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 45-60 minute interview with VP of Security
  • Candidates will then be invited to schedule 3 separate 45-60 minute interviews with peer directors and reporting managers of the Security Organization
  • Candidates may be requested to meet again with the VP of Security for a shortened conversation
  • Candidates will then be invited to schedule an interview with CTO of Engineering
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Director, Security Operations

This position reports to the VP of Security.

Director, Security Operations Job Grade

The Director, Security Operations is a grade 10.

Director, Security Operations Responsibilities

  • Secure our product, services (GitLab.com, package servers, other infrastructure), and company (laptops, email)
  • Define and plan priorities for security related activities based on that risk analysis
  • Determine appropriate combination of internal security efforts and external security efforts including bug bounty programs, external security audits (penetration testing, black box, white box testing)
  • Analyze and advise on new security technologies
  • Build and manage a team, which currently consists of Security Managers, Security Engineers, and Security Analysts
    • Identify and fill positions
    • Grow skills in team leads and team members, for example by creating training and testing materials
    • Deliver input on promotions, function changes, demotions, and terminations
  • Ensure our engineers and contributors from the wider community run a secure software development lifecycle for GitLab by training them in best practices and creating automated tools
  • Be involved in major security and service abuse events
  • Ensure we're compliant with our legal and contractual security obligations
  • Evangelise GitLab Security and Values to staff, customers and prospects

Director, Security Operations Requirements

  • Significant application and SaaS security experience in production-level settings
  • This position does not require extensive development experience but the candidate should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
  • Experience managing teams of engineers, and leading managers
  • Experience with incident management

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 45-60 minute interview with VP of Security
  • Candidates will then be invited to schedule 3 separate 45-60 minute interviews with peer directors and reporting managers of the Security Organization
  • Candidates may be requested to meet again with the VP of Security for a shortened conversation
  • Candidates will then be invited to schedule an interview with CTO of Engineering
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Senior Director, Security

The Senior Director role extends the Director role defined by the functional area(s) the person manages.

Senior Director, Security Job Grade

The Senior Director, Security is a grade 11.

Senior Director, Security Responsibilities

  • Expanded scope and functional area ownership over sub-department director responsibilities
  • Assist in the mentoring and coaching of Security Directors and Managers
  • Overflow VP responsibilities
  • Ability to successfully drive department-level initiatives
  • Ability to drive and influence change cross-company
  • Provide a consistent/successful interface between all applicable stakeholders including, but not limited to, Engineering, Product, Finance and Sales
  • Development, measurement, and management of key metrics for functional area's performance
  • Develop sub-department roadmap and strategic vision
  • Ensure alignment of sub-department goals and initiatives with department and company goals
  • Public facing security champion towards customers, community and media

Senior Director, Security Requirements

  • Technical credibility: Significant experience in all domains within sub-department
  • Management credibility: Relevant, progressive experience in Security management leadership
  • Ability to understand, communicate and improve the quality of multiple teams
  • Demonstrate longevity at at least one recent job
  • Ability to be successful managing at a remote-only company
  • Humble, servant leader

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 45-60 minute interview with VP of Security
  • Candidates will then be invited to schedule 3 separate 45-60 minute interviews with directors and reporting managers within the Security Organization
  • Candidates may be requested to meet again with the VP of Security for a shortened conversation
  • Candidates will then be invited to schedule an interview with CTO of Engineering
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Vice President (VP) of Security

This position reports to the Chief Technology Officer (CTO).

VP of Security Job Grade

The VP of Security is a grade 12.

VP of Security Responsibilities

  • Set the vision of the GitLab Security Department with a clear roadmap
  • Build and maintain a rapidly growing team with top-tier talent
  • Run the most transparent security organization in the world
  • Establish and implement security policies, procedures, standards, and guidelines
  • External communications: Blog, conference speaking, stream company events to YouTube
  • Work with customers and prospects to address security concerns
  • Manage a best-in-class bug bounty program with the highest rewards
  • Maintain Investor relations with regard to security
  • Act as central point-of-contact to Facility Security Officer for cleared facilities
  • Collaborate closely with People Ops, Legal, and any third-party firms to ensure the health and safety of organization’s employees globally
  • Leadership at GitLab

VP of Security Requirements

GitLab’s VP of Security must have all of the following attributes.

Must-haves:

  • Relevant, progressive experience managing information security teams
  • Excellent written and verbal communication skills
  • Be able to quickly hire top-quality team members and managers
  • Experience managing a multi-level security organization with managers and ICs
  • Collaborate with other groups outside engineering such as Sales, Legal, People Ops, and Finance
  • Ability to excel in a remote-only, multicultural, distributed environment
  • Possess domain knowledge of common information security management frameworks and regulatory requirements and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, Sarbox, etc.
  • Excellent project and program management skills and techniques

Nice-to-haves:

Great candidates will have some meaningful proportion of the following.

  • Working knowledge of the GitLab application
  • Relevant Bachelor's degree
  • Prior fast-growing startup experience
  • US Government security clearance
  • Product/Platform company experience
  • Self-managed (on-prem) software experience
  • SaaS software experience
  • Experience with consumer-scale services
  • Developer platform/tool industry experience
  • Deep open source software (OSS) experience

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule an interview with CTO of Engineering
  • Candidates will then be invited to schedule separate 60 minute interviews with three leaders of the organization
  • Candidates will then be invited to schedule an interview with CEO
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Career Ladder

For more details on the engineering career ladders, please review the engineering career development handbook page.

Performance Indicators

Compensation Calculator

To find out more about the compensation for this role, please apply to a role first. Once selected for a screening call, you'll be able to sign up here to view our compensation calculator. Be sure to use the same email address for both.

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

  1. Mission: Everyone can contribute
  2. Results: Fast growth, ambitious vision
  3. Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
  4. Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
  5. Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
  6. Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
  7. Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
  8. Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
  9. Work/Life Harmony: Flexible workday, Friends and Family days
  10. Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license