Desired Skills and Experience

  • Secure our products (GitLab CE/EE), services (GitLab.com, package servers, other infrastructure), and company (laptops, email).
  • Keep our risk analysis up to date.
  • Define and plan priorities for security-related activities based on that risk analysis.
  • Determine the appropriate combination of internal and external security efforts, including bug bounty programs and external security audits (penetration testing, black-box and white-box testing).
  • Analyze and advise on new security technologies.
  • Build and manage a team, which currently consists of our Security Lead and Security Specialists (vacancy).
  • Identify and fill positions.
  • Grow skills in team leads and individual contributors, for example by creating training and testing materials.
  • Deliver input on promotions, function changes, demotions, and terminations.
  • Ensure our engineers and contributors from the wider community run a secure software development lifecycle for GitLab by training them in best practices and creating automated tools.
  • Respond to security and service abuse incidents.
  • Perform red team security testing of our product and infrastructure.
  • Run our bounty program effectively.
  • Ensure we’re compliant with our legal and contractual security obligations.
  • Significant application and SaaS security experience in production-level settings.
  • This position does not require extensive development experience but the applicant should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications.
  • Experience managing teams of engineers, and leading managers.
  • Experience with (managing) incident response.
  • You share our values, and work in accordance with those values.