Security Management Roles at GitLab
Managers in the security engineering department at GitLab see the team as their product. While they are technically credible and know the details of what security engineers work on, their time is spent hiring a world-class team and putting them in the best position to succeed. They own the delivery of security commitments and are always looking to improve productivity. They must also coordinate across departments to accomplish collaborative goals.
- Hire a world-class team of security engineers to work on their team
- Help security engineers grow their skills and experience
- Provide input on security architecture, issues, and features
- Hold regular 1:1s with all members of their team
- Create a sense of psychological safety on their team
- Recommend security-related technical and process improvements
- Author project plans for security initiatives
- Draft quarterly OKRs
- Train engineers to screen candidates and conduct managerial interviews
- Strong sense of ownership, urgency, and drive
- Excellent written and verbal communication skills, especially experience with executive-level communications
- Ability to make concrete progress in the face of ambiguity and imperfect knowledge
- Leadership at GitLab
- Secure Development Lifecycle (SDL) process guidance
- Style guides and design best practices for engineering
- Courses for engineering (including guest speakers)
- Reduce the application's attack surface (e.g. Git Annex, old API versions)
- Document security trade-offs
- Automated testing/linting
- Red team activity
- Detection and response
- Network security
- Patch management / Vulnerability management and coordination
- Defense in depth recommendations
- Source code analysis by external parties
- Bug bounty program
- Endpoint security
- Credential management
- Identity and access management
Director of Security
The Director of Security role extends the Security Manager role.
- Own all of GitLab security, including security compliance, internal security, and product security
- Hire a world-class team of managers and security engineers to work on their teams
- Help their managers and security engineers grow their skills and experience
- Manage multiple teams and projects
- Hold regular skip-level 1:1s with all members of their team
- Create a sense of psychological safety on their teams
- Drive technical and process improvements
- Drive quarterly OKRs
- Represent the company publicly at conferences
- Secure our products (GitLab CE/EE), services (GitLab.com, package servers, other infrastructure), and company (laptops, email).
- Keep our risk analysis up to date.
- Define and plan priorities for security-related activities based on that risk analysis.
- Determine the appropriate combination of internal and external security efforts, including bug bounty programs and external security audits (penetration testing, black-box and white-box testing).
- Analyze and advise on new security technologies.
- Build and manage a team, which currently consists of Security Managers and Security Engineers.
- Identify and fill positions.
- Grow skills in team leads and individual contributors, for example by creating training and testing materials.
- Deliver input on promotions, function changes, demotions, and terminations.
- Ensure our engineers and contributors from the wider community follow a secure software development lifecycle for GitLab, by training them in best practices and building automated tooling.
- Respond to security and service abuse incidents.
- Perform red team security testing of our product and infrastructure.
- Run our bounty program effectively.
- Ensure we're compliant with our legal and contractual security obligations.
- Significant application and SaaS security experience in production-level settings.
- This position does not require extensive development experience, but the candidate should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications.
- Experience managing teams of engineers, and leading managers.
- Experience with incident response, including managing it.
- You share our values, and work in accordance with those values.
- Leadership at GitLab
Senior Director of Security
- Set the vision of the GitLab Security Department with a clear roadmap
- Build and maintain a rapidly growing team with top-tier talent
- Run the most transparent security organization in the world
- Run multiple teams within the department: Security Automation, Application Security, Security Operations, Abuse Operations, Compliance, Threat Intelligence, Strategic Security, Security Research, etc.
- Secure the company
- Secure our self-managed (on-prem) project and products: GitLab CE/EE
- Secure our user-facing SaaS: GitLab.com
- Manage the security incident response process
- Assess and mitigate constantly changing threats
- Establish and implement security policies, procedures, standards, and guidelines
- External communications: blog posts, conference speaking, streaming company events to YouTube
- Work directly with customers and prospects to address security concerns
- Manage a best-in-class bug bounty program with the highest rewards
- Maintain investor relations with regard to security
- Act as central point-of-contact to Facility Security Officer for cleared facilities
- Collaborate closely with People Ops, Legal, and any third-party firms to ensure the health and safety of the organization's employees globally
- Leadership at GitLab
- Set up a "Red team" initiative
- Architect and build a zero-trust network (ZTN) model
- Implement best-in-class anti-phishing measures
- Test breach remediation
- Ensure regular, automated credential rotation
- Implement a defense-in-depth model
- Implement multi-factor authentication
- Secure and manage internal and external endpoints
Must-have Skills & Experience
GitLab's Senior Director of Security must have all of the following attributes.
- At least 10 years prior experience managing information security teams
- Excellent written and verbal communication skills
- Ability to quickly hire top-quality individual contributors and managers
- Experience managing a multi-level security organization with managers and ICs
- Ability to collaborate with groups outside engineering such as Sales, Legal, People Ops, and Finance
- Ability to excel in a remote-only, multicultural, distributed environment
- Possess domain knowledge of common information security management frameworks, regulatory requirements, and applicable standards such as ISO 27001, SOC 2, HIPAA, GDPR, PCI DSS, Sarbanes-Oxley (SOX), etc.
- Excellent project and program management skills and techniques
Nice-to-have Skills & Experience
Great candidates will have some meaningful proportion of the following.
- Working knowledge of the GitLab application
- Relevant Bachelor's degree
- Prior fast-growing startup experience
- US Government security clearance
- Product/Platform company experience
- Self-managed (on-prem) software experience
- SaaS software experience
- Experience with consumer-scale services
- Developer platform/tool industry experience
- Deep open source software (OSS) experience
Security Management has the following job-family performance indicators.
Please note that if we are actively hiring for a position, you will see it listed on our jobs page, where all of our current openings are advertised. To apply, please click on the name of the role you are interested in, which will take you to our applicant tracking system (ATS). Avoid the confidence gap; you do not have to match all the listed requirements exactly to apply. Our hiring process is described in more detail in our hiring handbook.
GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 1,000 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, frugality, collaboration, directness, kindness, diversity and inclusion, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.
Top 10 reasons to work for GitLab:
- Work with helpful, kind, motivated, and talented people.
- Work remote so you have no commute and are free to travel and move.
- Have flexible work hours so you are there for other people and free to plan the day how you like.
- Everyone works remote, but you don't feel remote. We don't have a head office, so you're not in a satellite office.
- Work on open source software so you can interact with a large community and can show your work.
- Work on a product you use every day: we drink our own wine.
- Work on a product used by lots of people that care about what you do.
- As a company we contribute more than we take; most of our work is released as the open source GitLab CE.
- Focused on results, not on long hours, so that you can have a life and don't burn out.
- Open internal processes: know what you're getting into and be assured we're thoughtful and effective.
See our culture page for more!
Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto.