Senior Security Engineer, Red Team

An overview of this role

We are looking for a senior-level Red Team engineer, meaning someone who has 2+ years experience conducting adversary emulation exercises either as an internal Red Team operator or as a consultant. If you’re a penetration tester who also does Red Team engagements, that’s great too! This role is focused on the latter, so it’s important that you understand the difference and can demonstrate experience with both.

You will be writing very detailed reports, creating videos, and communicating complex topics to folks across the organization with various levels of security knowledge. As a senior member of our team, you’ll also spend time teaching and mentoring other engineers.

GitLab’s environment is very different to traditional organizations, and attacking it takes creativity. There are no wireless corporate networks to sniff, there is no Active Directory to roast, and you won’t find a single hash being passed. To be successful on our Red Team, you must be able to adapt traditional attack techniques to an all-remote, all-cloud, and SaaS-based environment.

Our Red Team operations are planned in-depth, and typically span three months each. This means you will have the time to dig deep into developing and executing realistic attack techniques. As our organization grows and matures, so does our Red Team! You will have an opportunity to shape our roadmap and help us become better attackers.

Outside of these planned operations, we also make room for what we call “open-scope” work. This gives you the opportunity to get creative, pursuing your own interests and ideas while helping to identify and reduce risk. We are possibly the most transparent Red Team in the world, and you will be encouraged to write blogs based on your research, contribute to our public handbook, and publish open-source tools and exploits.

The recommendations we provide internally are taken very seriously, and our work has a direct impact on the organization and the product. We have a great relationship with our friends on the Blue Team, and you’ll be able to collaborate with folks from all over the organization to help make things more secure.

Some further links to explore:

• Red Team Handbook page
• Blog: How we run Red Team operations remotely
• Red Team Tech Notes

What you’ll do  

• Maintain a deep understanding of GitLab’s product offerings, how they work, and how they could be attacked or abused
• Propose, plan, lead, and execute Red Team operations based on realistic threats to the organization
• Automate attack techniques, creating custom tooling for specific operations and contributing to general-purpose open source tools
• Deploy and manage attack infrastructure for stealth operations
• Write detailed reports covering the goals and outcomes of Red Team operations, including significant observations and recommendations
• Collaborate with GitLab’s Security Incident Response Team (SIRT) to improve detection and response capabilities
• Collaborate with GitLab’s Infrastructure Security Team to propose defensive improvements to cloud environments
• Collaborate across multiple product teams to propose enhancements and additions to GitLab’s SaaS and self-hosted offerings
• Collaborate with non-technical teams to propose process and policy enhancements and additions
• Stay informed on current security trends, advisories, publications, and academic research that is relevant our organization
• Publish blogs and submit talks to security conferences
• Create and deliver short video summaries of completed Red Team operations

What you’ll bring 

• Ability to use GitLab
• Two or more years experience conducting adversary-emulation exercises
• Deep knowledge of the MITRE ATT&CK framework
• Experience deploying, managing, and operating a Command & Control (C2) framework
• Ability to automate tasks by writing scripts/programs - we often use Python and Go
• Ability to read and understand multiple programming languages, especially Ruby and Go
• Expert-level command-line experience with Linux-based operating systems
• Experience exploiting vulnerabilities in at least two of the following areas:
• Web applications
• Cloud environments (GCP / AWS)
• Linux and/or MacOS workstations
• CI/CD, or software supply chain
• Hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure)
• An adversarial mindset - you must be able to put yourself in the mind of the attacker
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner

About the team

Gitlab’s Red Team conducts security exercises that emulate real-world threats. We do this to help assess and improve the effectiveness of the people, processes, and technologies used to keep our organization secure. You can read more about our team in the handbook.

You will be the third engineer on the team, reporting to a manager in Australia. Your teammates will be based in the US and Europe. This geographic distribution means we do a lot of work asynchronously, so you should feel comfortable working independently and maintaining detailed documentation of your work.

How GitLab will support you

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and development budget 
• Parental leave 
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role but don't strictly meet all of the requirements then please apply, letting us know why you're interested and allow our recruiters to assess your application.