Senior Security Engineer, Application Security
Remote
GitLab
From planning to production, bring teams together in one application. Ship secure code more efficiently to deliver value faster.
Thank you for your interest in GitLab! It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. With more than 1,300 team members in 65+ countries, GitLab is a place where you can contribute from almost anywhere. We are an ambitious, productive team that embraces a set of shared values in everything we do.
All of our positions are 100% remote.
A brief overview of the GitLab Security department:
The GitLab Security Department is a 50+ person globally distributed team that consists of Security Engineering & Research, Security Operations, and Security Assurance.
Our mission is to be the most transparent security group in the world, with a results-oriented approach.
By embracing GitLab values and being active in engaging with our customers, our staff and our product, we enhance the security posture of our company, products, and client-facing services. The security department works cross-functionally inside and outside GitLab to meet these goals.
Blogs about Security @ GitLab:
Laurence Bierner, Director of Security Engineering & Research
Our Security Engineering and Research sub-department is responsible for technical and engineering security specific to the GitLab product and internally used systems or applications.
The Security Engineering & Research sub-department's mission is to support the business and ensure that all GitLab products securely manage customer data. We do this by:
- Working closely with engineering, product, infrastructure, and other security department teams
- Designing and deploying custom automated security solutions
- Conducting in-depth security-related research and assessments
- Transparently communicating important information externally to customers and the community alike
You can read about the team structure, mission, and vision in the Security Engineering & Research handbook.
Application Security
Application Security Engineers work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure.
As an Application Security Engineer at GitLab, you will:
- participate in and support application security reviews and threat modeling, including code review and dynamic testing.
- own and perform application security vulnerability management.
- support the bug bounty program.
- facilitate and support the preparation of security releases.
- support and consult with product and development teams in the area of application security.
- assist in creation of security training.
- assist in development of automated security testing to validate that secure coding best practices are being used.
You should apply if:
- you are familiar with common security libraries, security controls, and common security flaws.
- you have Ruby on Rails or GoLang development or scripting experience and skills.
- you have experience with OWASP, static/dynamic analysis, and common security tools.
- you have a basic understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, and HTTPS).
- you are familiar with cloud security controls and best practices.
- you have experience working with developers.
- you have excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- you have demonstrated the ability to onboard and integrate with an organization long-term. Within the last 5 years, you've worked at one company for at least 2 years.
- you have demonstrated the ability to work closely with other parts of the organization.
- you are able to thrive in a fully remote organization.
- you are able to use GitLab.
- you share our values, and work in accordance with those values.