Senior Risk and Field Security Engineer (Third Party Risk)

Remote

Applications have closed

GitLab

From planning to production, bring teams together in one application. Ship secure code more efficiently to deliver value faster.


This Senior Risk and Field Security Engineer (Third Party Risk) position is 100% remote.

It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. With more than 1,200 team members in 65+ countries, GitLab is a place where you can contribute from almost anywhere. We are an ambitious, productive team that embraces a set of shared values in everything we do.

As a Risk and Field Security Engineer in our Risk and Field Security Team, you'll play a key role in the team that serves as the public representation of GitLab's internal Security function. You'll play a part in providing high levels of security assurance to internal and external customers. You'll work with all our departments to document Third Party requests and review the security posture of any Third Party we're considering introducing into our environment to ensure they will not negatively impact GitLab.

The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a no ask, must tell paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.

Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.

What you'll do in this role

  • Complete customer security assessments, questionnaires and sales enablement activities
  • Maintain the Customer Assurance Package and other self-service customer security resources
  • Maintain GitLab's standard security response database (RFP)
  • Support Risk Management activities including Third Party Vendor and Security Operational Risk assessments
  • Triage new or changing security requirements, security issues, and/or Security Operational, Third Party or Customer risks
  • Maintain handbook pages, policies, standards, procedures and runbooks related to Risk and Field Security
  • Identify opportunities for Risk and Field Security process automation
  • Maintain Risk and Field Security automation tasks
  • Lead sales enablement activities, including customer security assessments and contract reviews
  • Execute end to end Risk and Field Security initiatives in accordance with the compliance roadmap
  • Mature the Customer Assurance Package and other self-service customer security resources
  • Monitor industry trends and demands to position GitLab as an industry leader in Security and execute initiatives to support these trends
  • Execute Risk Management activities including Third Party Vendor and Security Operational Risk Assessments
  • Execute peer reviews and provide meaningful feedback
  • Design requirements for Risk and Field Security automation tasks
  • Recommend new Risk and Field Security metrics and automate reporting of existing metrics

You should apply if you bring:
  • Significant experience conducting customer support, security and/or risk management activities
  • Detailed experience with common risk management standards and models such as: ISO 31000, NIST 800-39, FAIR, ISACA Risk IT, OCTAVE
  • Demonstrated experience with at least four security control frameworks such as: SOC 2, ISO, NIST, COSO, COBIT
  • Demonstrated industry security experience, particularly in DevSecOps, Application Security and/or Cloud-Native Security

Also, we know it’s tough, but please try to avoid the confidence gap. You don’t have to match all the listed requirements exactly to be considered for this role.

Our hiring process for this Senior Risk and Field Security Engineer (Third Party Risk) position typically follows six stages. The details of this process and our leveling structure can be found on our job family page.


Tags: Application security Automation Cloud COBIT Compliance DevSecOps ISACA NIST Octave Risk management Security assessment SOC 2

Perks/benefits: Competitive pay Equity Startup environment Team events

Region: Remote/Anywhere
