IT Security Engineer

Role

As a member of the IT Security Operations team at GitLab, you will be working towards raising the bar on security, focusing on securing our internal systems and SaaS applications. We will achieve that by working and collaborating with cross-functional teams to provide guidance on security best practices.

Responsibilities for IT Security Engineer roles

  • Assess, deploy and optimize security tools as needed to improve security posture
  • Serve as a technical resource for IT, advising on Security related issues
  • Be naturally inquisitive and look constantly for ways to improve
  • Ability to communicate clearly on technical issues, especially through text-based mediums (Slack, GitLab Issues, Email)
  • Work with compliance and privacy regulations such as PCI, GDPR, FedRAMP, and SOX
  • Assist with recruiting activities and administrative work

Requirements for IT Security Engineer roles

  • Technical Skills in three or more of the following:
    • Endpoint detection and response (EDR) platforms
    • Device management/asset inventory tools
    • Securing Mac and Linux devices
    • Email security
    • Identity and access management
    • Authentication technologies such as OAuth, SAML, CAs and TOTP, SSO
    • Securing public Cloud environments (AWS, Azure, GCP)
    • Vulnerability detection and remediation
    • Security incident response
    • Metric collection and dashboard creation
  • Automation & scripting experience using REST APIs
  • You have a passion for security
  • You are a team player, and enjoy collaborating with cross-functional teams
  • You are a great communicator
  • You employ a flexible and constructive approach when solving problems
  • You share our values, and work in accordance with those values
  • CISSP, CCSP, SANS or other relevant industry security-focused certifications preferred
  • Ability to use GitLab

Levels of IT Security Engineer

IT Security Engineer (Intermediate)

The IT Security Engineer (Intermediate) reports to the Manager, IT Security Operations.

The IT Security Engineer (Intermediate) Job Grade

The IT Security Engineer (Intermediate) is a grade 6.

IT Security Engineer (Intermediate) Responsibilities

  • Leverage understanding of fundamental security concepts
  • Triages/handles basic security issues
  • Be positive and solution oriented
  • Good written and verbal communication skills
  • Constantly working to improve endpoint and IT security

Senior Security Engineer

The Senior Security Engineer reports to the Manager, IT Security Operations](/job-families/finance/manager-it-security-operations/).

Senior Security Job Grade

The Senior Security Engineer is a grade 7.

Senior Security Engineer Responsibilities

The Senior Security Engineer role extends the IT Security Engineer (Intermediate) role.

  • Leverages security expertise in at least one specialty area
  • Triages and handles/escalates security issues independently
  • Conduct security architecture reviews and makes recommendations
  • Great written and verbal communication skills
  • Interview security candidates during hiring process

Career Ladder

A Senior Security Engineer may decide to pursue the may decide to pursue the Manager, IT Security Operations, should they wish to, or progress to Staff.

Staff Security Engineer

The Senior Security Engineer reports to the Manager, IT Security Operations.

Staff Security Job Grade

The Staff Security Engineer is a grade 8.

Staff Security Responsibilities

The Senior Security Engineer role extends the Senior Security Engineer role.

  • Recognized security expert in multiple specialty areas, with cross-functional team experience
  • Make security architecture decisions
  • Provide actionable and constructive feedback to cross-functional teams
  • Implement security technical and process improvements
  • Exquisite written and verbal communication skills
  • Author technical security documents
  • Author questions/processes for hiring and screening candidates

Career Ladder

A Staff Security Engineer may decide to pursue the Manager, IT Security Operations. .

Performance Indicators

  • Security tools compliance > 95%
  • Patch compliance > 95%

Hiring Process

All interviews are conducted using Zoom video conferencing software. Candidates for this position can expect the hiring process to follow the order below, with modifications to the process as required, based on specific situations. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 45 minute Intervew with the Hiring Manager
  • After that, candidates will be invited to schedule a 30 minute interview with members of the IT team.
  • Finally, the candidates will interview with the Sr. Director of IT.

Additional details about our process can be found on our hiring page.

Career Ladder

For more details on the engineering career ladders, please review the engineering career development handbook page.

 


About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

  1. Mission: Everyone can contribute
  2. Results: Fast growth, ambitious vision
  3. Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
  4. Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
  5. Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
  6. Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
  7. Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
  8. Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
  9. Work/Life Harmony: Flexible workday, Family and Friends days
  10. Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.