Security Engineers at GitLab work on securing our product and on internal security. On the product side, this includes the open source version of GitLab, the enterprise editions, and the GitLab.com service. Security Engineers work with peers on cross-functional teams dedicated to areas of the product. They also work together with product managers, developers, and the infrastructure teams to solve common goals.
The Security Application role focuses on working with functional groups across GitLab to assess the security architecture of new products and capabilities. Examples include executing and maintaining a security review program, and working with development teams to define and evangelize security best practices.
The Security Team is responsible for leading and implementing the various initiatives that relate to improving GitLab's security.
Own vulnerability management and mitigation approaches
Conduct threat modeling tied to security services
Conduct application security reviews
Implement secure architecture design
Provide security training and outreach to internal development teams
Develop security guidance documentation
Assist with recruiting activities and administrative work
Define, implement, and monitor security measures to protect GitLab.com and company assets
Familiarity with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
Some development experience (Ruby and Ruby on Rails preferred; for GitLab debugging)
Experience with OWASP, static/dynamic analysis, and common exploit tools and methods
Experience with Google Cloud and GCP-related services