Director, Security Operations

This position reports to the VP of Security.

Job Grade

The Director, Security Operations is a grade 10.

Responsibilities

• Secure our product, services (GitLab.com, package servers, other infrastructure), and company (laptops, email)
• Define and plan priorities for security related activities based on that risk analysis
• Determine appropriate combination of internal security efforts and external security efforts including bug bounty programs, external security audits (penetration testing, black box, white box testing)
• Analyze and advise on new security technologies
• Build and manage a team, which currently consists of Security Managers, Security Engineers, and Security Analysts
  • Identify and fill positions
  • Grow skills in team leads and team members, for example by creating training and testing materials
  • Deliver input on promotions, function changes, demotions, and terminations
• Ensure our engineers and contributors from the wider community run a secure software development lifecycle for GitLab by training them in best practices and creating automated tools
• Involve in major security and service abuse events
• Ensure we're compliant with our legal and contractual security obligations
• Evangelise GitLab Security and Values to staff, customers and prospects

Requirements

• Significant application and SaaS security experience in production-level settings
• This position does not require extensive development experience but the candidate should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
• Experience managing teams of engineers, and leading managers
• Experience with incident management

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule an interview with VP of Security
• Candidates will then be invited to schedule separate 30 minute interviews with three members of the Security Organization
• Candidates will then be invited to schedule an interview with CTO of Engineering
• Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

Country Hiring Guidelines

Please visit our Country Hiring Guidelines page to see where we can hire.

Your Privacy

For information about our privacy practices in the recruitment process, please visit our Recruitment Privacy Policy page.