- Director of Security
GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 1,000 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.
We value results, transparency, sharing, freedom, efficiency, frugality, collaboration, directness, kindness, diversity, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.
Top 10 reasons to work for GitLab:
- Work with helpful, kind, motivated, and talented people.
- Work remote so you have no commute and are free to travel and move.
- Have flexible work hours so you are there for other people and free to plan the day how you like.
- Everyone works remote, but you don't feel remote. We don't have a head office, so you're not in a satellite office.
- Work on open source software so you can interact with a large community and can show your work.
- Work on a product you use every day: we drink our own wine.
- Work on a product used by lots of people that care about what you do.
- As a company we contribute more than we take; most of our work is released as the open source GitLab CE.
- Focused on results, not on long hours, so that you can have a life and don't burn out.
- Open internal processes: know what you're getting into and be assured we're thoughtful and effective.
See our culture page for more!
The Director of Security reports to the VP of Engineering.
Our thesis is that Good Security Is Holistic. We think that stimulating a security culture in engineering is one of the most important things. We don't do checklist security; the goal is to keep the trust of our users by being secure, and compliance is not a goal in itself. We don't think that third-party products are unimportant, but they are not a silver bullet for making everything secure.
As Director of Security at GitLab, you will succeed if you enable, enact, and evangelize such holistic security around the application, GitLab.com, and the organization as a whole such that GitLab and GitLab.com are established as being at the vanguard of security thinking and practices.
- Secure our products (GitLab CE/EE), services (GitLab.com, package servers, other infrastructure), and company (laptops, email).
- Keep our risk analysis up to date.
- Define and plan priorities for security-related activities based on that risk analysis.
- Determine the appropriate combination of internal security efforts and external security efforts, including bug bounty programs and external security audits (penetration testing, black box, white box testing).
- Analyze and advise on new security technologies.
- Build and manage a team, which currently consists of our Security Lead and Security Specialists (vacancy).
- Identify and fill positions.
- Grow skills in team leads and individual contributors, for example by creating training and testing materials.
- Deliver input on promotions, function changes, demotions, and terminations.
- Ensure our engineers and contributors from the wider community run a secure software development lifecycle for GitLab by training them in best practices and creating automated tools.
- Respond to security and service abuse incidents.
- Perform red team security testing of our product and infrastructure.
- Run our bounty program effectively.
- Ensure we're compliant with our legal and contractual security obligations.
- Significant application and SaaS security experience in production-level settings.
- This position does not require extensive development experience, but the applicant should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications.
- Experience managing teams of engineers, and leading managers.
- Experience with (managing) incident response.
- You share our values, and work in accordance with those values.
The hiring process for this role consists of at least:
- screening call
- interview with Security Lead
- interview with Director of Infrastructure
- interview with VP of Engineering
- interview with CEO
As always, the interviews and screening call will be conducted via a video call. See more details about our hiring process on the hiring handbook.
Avoid the confidence gap; you do not have to match all the listed requirements exactly to apply. Our hiring process is described in more detail in our hiring handbook.
Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto.