Senior Security Engineer, Application Security
Thank you for your interest in GitLab! It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. With more than 1,300 team members in 65+ countries, GitLab is a place where you can contribute from almost anywhere. We are an ambitious, productive team that embraces a set of shared values in everything we do.
Our mission is to be the most transparent security group in the world, with a results-oriented approach.
By embracing GitLab values and being active in engaging with our customers, our staff and our product, we enhance the security posture of our company, products, and client-facing services. The security department works cross-functionally inside and outside GitLab to meet these goals.
Laurence Bierner, Director of Security Engineering & Research
Our Security Engineering and Research sub-department is responsible for technical and engineering security specific to the GitLab product and internally used systems or applications.
The Security Engineering & Research sub-department's mission is to support the business and ensure that all GitLab products securely manage customer data. We do this by:
- Working closely with engineering, product, infrastructure, and other security department teams
- Designing and deploying custom automated security solutions
- Conducting in-depth security-related research and assessments
- Transparently communicating important information externally to customers and the community alike
You can read about the team structure, mission, and vision in the Security Engineering & Research handbook.
Application Security Engineers work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure.
As an Application Security Engineer at GitLab, you will:
- participate in and support application security reviews and threat modeling, including code review and dynamic testing.
- own and perform application security vulnerability management.
- support the bug bounty program.
- facilitate and support the preparation of security releases.
- support and consult with product and development teams in the area of application security.
- assist in the creation of security training.
- assist in the development of automated security testing to validate that secure coding best practices are being used.
You should apply if:
- you are familiar with common security libraries, security controls, and common security flaws.
- you have Ruby on Rails or GoLang development or scripting experience and skills.
- you have experience with OWASP, static/dynamic analysis, and common security tools.
- you have a basic understanding of network- and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS).
- you are familiar with cloud security controls and best practices.
- you have experience working with developers.
- you have excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- you have demonstrated the ability to onboard and integrate with an organization long-term. Within the last 5 years, you've worked at one company for at least 2 years.
- you have demonstrated the ability to work closely with other parts of the organization.
- you are able to thrive in a fully remote organization.
- you are able to use GitLab.
- you share our values, and work in accordance with those values.