Application Security Engineer or Senior Application Security Engineer (US Federal)
Remote - USA
GitLab
From planning to production, bring teams together in one application. Ship secure code more efficiently to deliver value faster.

This Application Security Engineer or Senior Application Security Engineer position is 100% remote for someone located in the USA. We can only consider US citizens at this time.
It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. We are an ambitious, productive team that embraces a set of shared values in everything we do.
Application Security Engineers work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure.
We are looking for an Application Security Engineer to review JiHu contributions, work with and triage security reports from US government organizations, and support our Public Sector team from an application security point of view.
The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.
Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.
What you'll do in this role:
- Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
- Own and perform application security vulnerability management.
- Support the bug bounty program.
- Facilitate and support the preparation of security releases.
- Support and consult with product and development teams in the area of application security.
- Assist in the creation of security training.
- Assist in the development of automated security testing to validate that secure coding best practices are being used.
- Lead and perform application security reviews on all contributed code from GitLab Information Technology (Hubei) Co., Ltd. (JiHu, pronounced "G Who").
- Work with and triage security reports from US government organizations and associated contractors.
- From an Application Security perspective, support our Federal Sales and Public Sector teams.
- Auxiliary responsibilities include those general to the Application Security Engineer role.
As a Senior Application Security Engineer you will also:
- Support and evolve the bug bounty program.
- Lead both critical and regular security releases.
- Lead application security reviews and threat modeling, including code review and dynamic testing.
- Lead in development of automated security testing to validate that secure coding best practices are being used.
- Guide and advise product development teams as SMEs in the area of application security.
- Assist with recruiting activities and administrative work.
- Develop security training and socialize the material with internal development teams.
- Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
You should apply if you bring:
- Ability to use GitLab.
- Familiarity with common security libraries, security controls, and common security flaws.
- Basic development or scripting experience and skills. Ruby and Ruby on Rails are preferred.
- Experience with OWASP, static/dynamic analysis, and common security tools.
- A basic understanding of network and web related protocols (such as TCP/IP, UDP, IPsec, HTTP, and HTTPS).
- Familiarity with cloud security controls and best practices.
- Experience working with developers.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- United States citizenship.
- Residence in one of the 50 states of the United States of America.
- Ability to conduct all GitLab related work within the United States of America.
- Experience working for or closely with the United States government or associated contractors.
- Ability and willingness to obtain a federal security clearance should it be necessary to perform job responsibilities.
- Experience working with Defense Information Security Agency (DISA) Security Technical Implementation Guides (STIGs).
- Successful completion of a background check.
If applying as a Senior, you should apply if you also bring:
- Strong understanding and experience with common security libraries, security controls, and common security flaws.
- Some development or scripting experience and skills. Ruby and Ruby on Rails are preferred.
- Subject matter expertise (SME) in at least one technical area impacting the security of the product.
- Strong experience working closely with developers.
Also, we know it’s tough, but please try to avoid the confidence gap. You don’t have to match all the listed requirements exactly to be considered for this role.
Our hiring process for this Application Security Engineer position typically follows four stages. The details of this process and our leveling structure can be found on our job family page.
Remote-US Country Hiring Guidelines
Please visit our Country Hiring Guidelines page to see where we can hire.
Your Privacy
For information about our privacy practices in the recruitment process, please visit our Recruitment Privacy Policy page.
Tags: Application security Clearance Cloud OWASP Privacy Ruby Scripting Security Clearance TCP/IP Vulnerabilities Vulnerability management
Perks/benefits: Competitive pay Equity Startup environment Team events