This position is remote based, however, we are only accepting candidates at this time who are located in APAC or EMEA. We are not currently considering candidates located in the Americas.
The Security Team is responsible for the internal security of GitLab, GitLab.com services, and actively contribute to the security of the open source and enterprise editions of the GitLab product. Security Engineers engage with partner teams across GitLab to solve common goals and encourage good security practices.
Security Operations Engineers are the firefighters of the GitLab Security Team. As a Senior Security Engineer in Operations your daily duties will include incident response, log analysis, forensics, tooling and automation development, as well as contributing to strategic improvements to the GitLab products and GitLab.com services. Successful Senior Security Engineers thrive in high-stress environments and can think like both an attacker and defender, have the ability to engage with and mentor more junior Security Engineers, and can help come up with proactive and preventative security measures to keep GitLab and its user’s data safe.
Detect and respond to company-wide security incidents
Develop and implement preventative security measures (detection, monitoring, exploitation)
Build security tools that enable the GitLab Security Team to operate at speed and scale
Incorporate current security trends, advisories, publications, and academic research
Engineer CND technologies to monitor and analyze (e.g. IDSes, Data collection tools)
Vulnerability management - triage and manage vulnerabilities identified through scanning
Identify and mitigate complex security vulnerabilities before an attacker exploits them
Communicate risks and mitigations across multiple audiences with varying levels of sensitivity
5+ years of demonstrated experience in web or cloud security engineering, log aggregation, and/or penetration testing
2+ years of direct experience with incident response
Experience with log analysis systems
Engineer, not an analyst mindset
In-depth knowledge of Linux tools/architecture and logging systems
Experience with Google Cloud Platform (GCP), AWS, and/or Azure
Experience with one or more programming languages (Ruby on Rails, Go, PHP and/or Python)
The compensation calculator for this job can be found here.