Senior Risk and Field Security Engineer (Third Party Risk)
Remote
GitLab
From planning to production, bring teams together in one application. Ship secure code more efficiently to deliver value faster.

This Senior Risk and Field Security Engineer (Third Party Risk) position is 100% remote.
It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. With more than 1,200 team members in 65+ countries, GitLab is a place where you can contribute from almost anywhere. We are an ambitious, productive team that embraces a set of shared values in everything we do.
As a Risk and Field Security Engineer in our Risk and Field Security Team, you'll play a key role in the team that serves as the public representation of GitLab's internal Security function. You'll play a part in providing high levels of security assurance to internal and external customers. You'll work with all our departments to document Third Party requests and review the security posture of any Third Party we're considering introducing into our environment to ensure they will not negatively impact GitLab.
The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a no ask, must tell paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.
Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.
What you'll do in this role
- Complete customer security assessments, questionnaires and sales enablement activities
- Maintain the Customer Assurance Package and other self-service customer security resources
- Maintain GitLab's standard security response database (RFP)
- Support Risk Management activities including Third Party Vendor and Security Operational Risk assessments
- Triage new or changing security requirements, security issues, and/or Security Operational, Third Party or Customer risks
- Maintain handbook pages, policies, standards, procedures and runbooks related to Risk and Field Security
- Identify opportunities for Risk and Field Security process automation
- Maintain Risk and Field Security automation tasks
- Lead sales enablement activities, including customer security assessments and contract reviews
- Execute end-to-end Risk and Field Security initiatives in accordance with the compliance roadmap
- Mature the Customer Assurance Package and other self-service customer security resources
- Monitor industry trends and demands to position GitLab as an industry leader in Security and execute initiatives to support these trends
- Execute Risk Management activities including Third Party Vendor and Security Operational Risk Assessments
- Execute peer reviews and provide meaningful feedback
- Design requirements for Risk and Field Security automation tasks
- Recommend new Risk and Field Security metrics and automate reporting of existing metrics
You should apply if you bring:
- Significant experience conducting customer support, security and/or risk management activities
- Detailed experience with common risk management standards and models such as: ISO 31000, NIST 800-39, FAIR, ISACA Risk IT, OCTAVE
- Demonstrated experience with at least four security control frameworks such as: SOC 2, ISO, NIST, COSO, COBIT
- Demonstrated industry security experience, particularly in DevSecOps, Application Security and/or Cloud-Native Security
Also, we know it’s tough, but please try to avoid the confidence gap. You don’t have to match all the listed requirements exactly to be considered for this role.
Our hiring process for this Senior Risk and Field Security Engineer (Third Party Risk) position typically follows six stages. The details of this process and our leveling structure can be found on our job family page.
Locations: Remote-US, Remote-North America, Remote-EMEA, Remote-APAC, Remote-LATAM
Tags: Application security, Automation, Cloud, COBIT, Compliance, DevSecOps, ISACA, NIST, Octave, Risk management, Security assessment, SOC 2
Perks/benefits: Competitive pay Equity Startup environment Team events