
Security Leadership

Security Leadership Roles at GitLab

Leaders in the security department at GitLab see the team as their product. While they are technically credible and know the details of what security engineers and analysts work on, their time is spent hiring a world-class team and putting them in the best position to succeed. They own the delivery of security commitments and are always looking to improve productivity. They must also coordinate across departments to accomplish collaborative goals. Security leaders have:

  • Command Skills - Relishes leading; takes unpopular stands if necessary; encourages direct and tough debate but isn’t afraid to end and move on; is looked to for guidance in a crisis; faces adversity head on; energized by tough challenges.
  • Conflict Management - Steps up to conflicts, seeing them as opportunities; reads situations quickly; good at focused listening; can hammer out tough agreements and settle disputes equitably; can find common ground and get cooperation with minimum noise.
  • Perspective - Looks toward the broadest possible view of an issue/challenge; has broad-ranging personal and business interests and pursuits; can easily pose future scenarios; can think globally; can discuss multiple aspects and impacts of issues and project them into the future.
  • Presentation Skills - Is effective in a variety of formal presentation settings: one-on-one, small and large groups, with peers, reports, and bosses; is effective both inside and outside the organization, on both cool data and hot and controversial topics; commands attention and can manage group processes during the presentation; can change tactics midstream when something isn’t working.
  • Priority Setting - Spends his/her time and the time of others on what’s important; quickly zeros in on the critical few and puts the trivial many aside; can quickly sense what will help or hinder accomplishing a goal; eliminates roadblocks; creates focus.
  • Process Management - Good at figuring out the processes necessary to get things done; knows how to organize people and activities; understands how to separate and combine tasks into efficient work flow; knows what to measure and how to measure it; can see opportunities for synergy and integration where others can’t; can simplify complex processes; gets more out of fewer resources.
  • Strategic Agility - Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.
  • Building Effective Teams - Blends people into teams when needed; creates morale and spirit in their team; shares wins and successes; fosters open dialogue; lets people finish and be responsible for their work; defines success in terms of the whole team; creates a feeling of belonging in the team.
  • Managing Vision and Purpose - Communicates a compelling and inspired vision or sense of core purpose; talks beyond today; talks about possibilities; is optimistic; creates mileposts and symbols to rally support behind the vision; makes the vision shareable by everyone; can inspire and motivate entire units or organizations.

Responsibilities

  • Own a Sub-department of the GitLab Security Department
  • Run multiple teams within their Sub-department.
  • Hire a world class team of managers and security engineers to work on their teams
  • Assess and mitigate constantly changing threats
  • Help managers and team members grow their skills and experience
  • Manage multiple teams and projects
  • Hold weekly 1:1s with their reports
  • Hold monthly skip-level 1:1s with all members of their team
  • Create a sense of psychological safety in their Sub-department
  • Drive technical and process improvements
  • Drive quarterly OKRs
  • Represent the company publicly at conferences

Requirements

  • Ability to use GitLab
  • Exceptional communication skills, including verbal, written, and presentation skills, to a variety of stakeholders
  • You share our values, and work in accordance with those values
  • Leadership at GitLab

Levels

Director, Security Assurance

This position reports to the VP of Security.

Director, Security Assurance Job Grade

The Director, Security Assurance is a grade 10.

Director, Security Assurance Responsibilities

  • Recruit, manage, motivate and develop high performing teams
  • Partner with the VP of Security in planning and development of enterprise information security strategy and best practices
  • Drive strategy for the Security Assurance organization, aligned with broader GitLab business initiatives, with a specific focus on expansion of the security certification portfolio
  • Consult with senior leaders regarding their information security risks and responsibilities in minimizing those risks
  • Drive operational efficiencies through process improvement and implementation of technical solutions
  • Manage a risk-based prioritization model for reviewing new project and work efforts
  • Participate in key customer calls, contract reviews and/or assessments providing leadership assurance on GitLab security
  • Act as an advocate for information security practices

Director, Security Assurance Requirements

  • Proven ability to successfully recruit, manage, motivate and develop high performing teams
  • At least 8 years prior experience managing information security teams
  • Proficient experience with industry standard security and risk frameworks/standards/laws/regulations: NIST 800-53, NIST CSF, HITRUST, PCI, FedRAMP, ISO27002, ISO 31000, etc.

Director, Security Engineering & Research

This position reports to the VP of Security.

Director, Security Engineering & Research Job Grade

The Director, Application Security is a grade 10.

Director, Security Engineering & Research Responsibilities

  • Recruit, manage, motivate and develop high performing teams
  • Partner with the VP of Security in planning and development of enterprise information security strategy and best practices
  • Drive strategy for the Security Engineering & Research organization, aligned with broader GitLab business initiatives, with a specific focus on application security, security research, security automation, and external security communications.
  • Consult with senior leaders regarding their information security risks and drive mitigation efforts to reduce risk
  • Drive operational efficiencies through process improvement and implementation of technical solutions
  • Drive efforts to improve security awareness in the areas of application security and the secure development of code through education and training
  • Champion technical efforts to obtain and maintain compliance with customer, regulatory, and security compliance framework requirements
  • Secure the product and the company with innovative and industry leading technical security controls and practices
  • Partner with the VP of Security to build and maintain the most transparent security program in the world
  • Act as an advocate for information security practices

Director, Security Engineering & Research Requirements

  • Proven ability to successfully recruit, manage, motivate and develop high performing teams
  • At least 8 years prior experience managing information security teams
  • Proficient experience with security technologies and engineering domains such as application security, cloud security, infrastructure security, containerized application architectures, and security automation

Director, Security Operations

This position reports to the VP of Security.

Director, Security Operations Job Grade

The Director, Security Operations is a grade 10.

Director, Security Operations Responsibilities

  • Secure our product, services (GitLab.com, package servers, other infrastructure), and company (laptops, email)
  • Define and plan priorities for security related activities based on that risk analysis
  • Determine appropriate combination of internal security efforts and external security efforts including bug bounty programs, external security audits (penetration testing, black box, white box testing)
  • Analyze and advise on new security technologies
  • Build and manage a team, which currently consists of Security Managers, Security Engineers, and Security Analysts
    • Identify and fill positions
    • Grow skills in team leads and team members, for example by creating training and testing materials
    • Deliver input on promotions, function changes, demotions, and terminations
  • Ensure our engineers and contributors from the wider community run a secure software development lifecycle for GitLab by training them in best practices and creating automated tools
  • Be involved in major security and service abuse events
  • Ensure we're compliant with our legal and contractual security obligations
  • Evangelise GitLab Security and Values to staff, customers and prospects

Director, Security Operations Requirements

  • Significant application and SaaS security experience in production-level settings
  • This position does not require extensive development experience but the candidate should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
  • Experience managing teams of engineers, and leading managers
  • Experience with incident management

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule an interview with the VP of Security
  • Candidates will then be invited to schedule separate 30 minute interviews with three members of the Security Organization
  • Candidates will then be invited to schedule an interview with the CTO of Engineering
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Vice President (VP) of Security

This position reports to the Chief Technology Officer (CTO).

VP of Security Job Grade

The VP of Security is a grade 12.

VP of Security Responsibilities

  • Set the vision of the GitLab Security Department with a clear roadmap
  • Build and maintain a rapidly growing team with top-tier talent
  • Run the most transparent security organization in the world
  • Establish and implement security policies, procedures, standards, and guidelines
  • External communications: Blog, conference speaking, stream company events to YouTube
  • Work with customers and prospects to address security concerns
  • Manage a best-in-class bug bounty program with the highest rewards
  • Maintain investor relations with regard to security
  • Act as central point-of-contact to Facility Security Officer for cleared facilities
  • Collaborate closely with People Ops, Legal, and any third-party firms to ensure the health and safety of the organization’s employees globally
  • Leadership at GitLab

VP of Security Requirements

GitLab’s VP of Security must have all of the following attributes.

Must-haves:

  • At least 10 years prior experience managing information security teams
  • Excellent written and verbal communication skills
  • Be able to quickly hire top-quality team members and managers
  • Experience managing a multi-level security organization with managers and ICs
  • Collaborate with other groups outside engineering such as Sales, Legal, People Ops, and Finance
  • Ability to excel in a remote-only, multicultural, distributed environment
  • Possess domain knowledge of common information security management frameworks and regulatory requirements and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI, Sarbox, etc.
  • Excellent project and program management skills and techniques

Nice-to-haves:

Great candidates will have some meaningful proportion of the following.

  • Working knowledge of the GitLab application
  • Relevant Bachelor's degree
  • Prior fast-growing startup experience
  • US Government security clearance
  • Product/Platform company experience
  • Self-managed (on-prem) software experience
  • SaaS software experience
  • Experience with consumer-scale services
  • Developer platform/tool industry experience
  • Deep open source software (OSS) experience

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule an interview with the CTO of Engineering
  • Candidates will then be invited to schedule separate 60 minute interviews with three leaders of the organization
  • Candidates will then be invited to schedule an interview with the CEO
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Career Ladder

For more details on the engineering career ladders, please review the engineering career development handbook page.

Performance Indicators

Compensation Calculator

To find out more about the compensation for this role, please join our talent community first. Once you've joined, you'll be able to sign up here to view our compensation calculator. Be sure to use the same email address for both.

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 reasons to work for GitLab:

  1. Work with helpful, kind, motivated, and talented people.
  2. Work remote so you have no commute and are free to travel and move.
  3. Have flexible work hours so you are there for other people and free to plan the day how you like.
  4. Everyone works remote, but you don't feel remote. We don't have a head office, so you're not in a satellite office.
  5. Work on open source software so you can interact with a large community and can show your work.
  6. Work on a product you use every day: we drink our own wine.
  7. Work on a product used by lots of people that care about what you do.
  8. As a company we contribute more than we take, most of our work is released as the open source GitLab CE.
  9. Focused on results, not on long hours, so that you can have a life and don't burn out.
  10. Open internal processes: know what you're getting into and be assured we're thoughtful and effective.

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license