Senior Field Security Engineer (US Federal)

Remote - USA

Applications have closed
Our DevOps platform is a single application for unparalleled collaboration, visibility, and development velocity.

This Senior Field Security Engineer position is 100% remote. We're looking for someone who is a US citizen with an ability to gain a US security clearance as you'll be working with our US Public Sector (federal) team and customers.

It’s an exciting time to join our team. We're one of the world’s largest all-remote companies, and we've been intentionally building our culture this way from the start. With more than 1,200 team members in 65+ countries, GitLab is a place where you can contribute from almost anywhere. We are an ambitious, productive team that embraces a set of shared values in everything we do.

As a Field Security Engineer in our Assurance sub-department, you'll play a key role in the team that serves as the public representation of GitLab's internal Security function. The team is tasked with providing high levels of security assurance to internal and external customers through customer support, sales enablement and security evangelism programs. This position will support our US Public Sector (federal) team and customers.

The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication.

You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.

Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.

What you'll do in this role:

  • Professionally handle communications with internal and external stakeholders
  • Maintain up-to-date knowledge of GitLab's product, environment, systems and architecture
  • Educate internal and external stakeholders on GitLab’s Security practices through formal and informal training, handbook improvements, white papers, conference presentations and blog posts
  • Gather and report on established metrics within the field security program
  • Complete customer security assessments, questionnaires and sales enablement activities within the predefined SLA
  • Maintain the Customer Assurance Package and other self-service customer security resources
  • Maintain GitLab's standard security response database
  • Triage new or changing security requirements, US public sector requirements, security issues, and/or customer risks
  • Maintain handbook pages, policies, standards, procedures and runbooks related to Field Security
  • Identify opportunities for Field Security process automation
  • Maintain Field Security automation tasks
  • Create security and US public sector sales enablement educational materials and support security evangelism
  • Support Field Security internally facing presentations such as Sales Kick Off, Sales Quick Start and Customer Success Skills Exchange
  • Proactively identify new or increased customer security concerns with management

You should apply if you bring:

  • At least 5 years of experience conducting customer assurance activities
  • Demonstrated experience with NIST 800-53 and at least two other security control frameworks such as: SOC 2, ISO, COSO, COBIT
  • Demonstrated industry security experience, particularly in DevSecOps, Application Security and/or Cloud-Native Security

You'll stand out if you bring:

  • Experience in a SaaS company
  • Experience with GitLab
  • Experience with FedRAMP

Also, we know it’s tough, but please try to avoid the confidence gap. You don’t have to match all the listed requirements exactly to be considered for this role.

Our hiring process for this Field Security Engineer position typically follows six stages. The details of this process and our leveling structure can be found on our job family page.


Country Hiring Guidelines

Please visit our Country Hiring Guidelines page to see where we can hire.

Your Privacy

For information about our privacy practices in the recruitment process, please visit our Recruitment Privacy Policy page.

Job region(s): Remote/Anywhere North America