Application Security Engineer or Senior Application Security Engineer (US Federal)
Remote - USA
This Application Security Engineer or Senior Application Security Engineer position is 100% remote for someone located in the USA. We can only consider US citizens at this time.
It’s an exciting time to join our team. We're the world’s largest all-remote company, and we've been intentionally building our culture this way from the start. We are an ambitious, productive team that embraces a set of shared values in everything we do.
Application Security Engineers work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure.
We are looking for an Application Security Engineer to review JiHu contributions, work with and triage security reports from US government organizations, and support our Public Sector team from an application security point of view.
The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.
Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.
- Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
- Own and perform application security vulnerability management.
- Support the bug bounty program.
- Facilitate and support the preparation of security releases.
- Support and consult with product and development teams in the area of application security.
- Assist in the creation of security training.
- Assist in the development of automated security testing to validate that secure coding best practices are being used.
- Lead and perform application security reviews on all contributed code from GitLab Information Technology (Hubei) Co., Ltd. (JiHu, pronounced "G Who").
- Work with and triage security reports from US government organizations and associated contractors.
- From an Application Security perspective, support our Federal Sales and Public Sector teams.
- Auxiliary responsibilities include those general to the Application Security Engineer role.
- Support and evolve the bug bounty program.
- Lead both critical and regular security releases.
- Lead application security reviews and threat modeling, including code review and dynamic testing.
- Lead the development of automated security testing to validate that secure coding best practices are being used.
- Guide and advise product development teams as SMEs in the area of application security.
- Assist with recruiting activities and administrative work.
- Develop security training and socialize the material with internal development teams.
- Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
- Ability to use GitLab.
- Familiarity with common security libraries, security controls, and common security flaws.
- Basic development or scripting experience and skills. Ruby and Ruby on Rails are preferred.
- Experience with OWASP, static/dynamic analysis, and common security tools.
- A basic understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS).
- Familiarity with cloud security controls and best practices.
- Experience working with developers.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- United States citizenship.
- Residence in one of the 50 states of the United States of America.
- Ability to conduct all GitLab related work within the United States of America.
- Experience working for or closely with the United States government or associated contractors.
- Ability and willingness to obtain a federal security clearance should it be necessary to perform job responsibilities.
- Experience working with Defense Information Security Agency (DISA) Security Technical Implementation Guides (STIGs).
- Successful completion of a background check.
- Strong understanding and experience with common security libraries, security controls, and common security flaws.
- Some development or scripting experience and skills. Ruby and Ruby on Rails are preferred.
- Be a subject matter expert (SME) of at least 1 technical area impacting the security of the product.
- Strong experience working closely with developers.
Also, we know it’s tough, but please try to avoid the confidence gap. You don’t have to match all the listed requirements exactly to be considered for this role.
Our hiring process for this Application Security Engineer position typically follows four stages. The details of this process and our leveling structure can be found on our job family page.
Country Hiring Guidelines
Please visit our Country Hiring Guidelines page to see where we can hire.