Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Senior Security Engineer, Security Operations

Department: Security

Apply now
Remote
This position is remote based.

The Security Team is responsible for the internal security of GitLab, GitLab.com services, and actively contribute to the security of the open source and enterprise editions of the GitLab product.  Security Engineers engage with partner teams across GitLab to solve common goals and encourage good security practices.

Security Operations Engineers are the firefighters of the GitLab Security Team.  As a Senior Security Engineer in Operations your daily duties will include incident response, log analysis, forensics, tooling and automation development, as well as contributing to strategic improvements to the GitLab products and GitLab.com services.  Successful Senior Security Engineers thrive in high-stress environments and can think like both an attacker and defender, have the ability to engage with and mentor more junior Security Engineers, and can help come up with proactive and preventative security measures to keep GitLab and its user’s data safe.

Responsibilities

  • Detect and respond to company-wide security incidents
  • Log analysis
  • Security forensics
  • Develop and implement preventative security measures (detection, monitoring, exploitation)
  • Build security tools that enable the GitLab Security Team to operate at speed and scale
  • Incorporate current security trends, advisories, publications, and academic research
  • Engineer CND technologies to monitor and analyze (e.g. IDSes, Data collection tools)
  • Vulnerability management - triage and manage vulnerabilities identified through scanning
  • Identify and mitigate complex security vulnerabilities before an attacker exploits them
  • Communicate risks and mitigations across multiple audiences with varying levels of sensitivity  

Requirements

  • 5+ years of demonstrated experience in web or cloud security engineering, log aggregation, and/or penetration testing
  • 2+ years of direct experience with incident response
  • Experience with log analysis systems
  • Engineer, not an analyst mindset
  • In-depth knowledge of Linux tools/architecture and logging systems
  • Experience with Google Cloud Platform (GCP), AWS, and/or Azure
  • Experience with one or more programming languages  (Ruby on Rails, Go, PHP and/or Python)

The compensation calculator for this job can be found here.

 
Remote-EMEA