This position is remote-based.
The Director of Security, Application Security role extends the Security Manager role.
The Director of Security, Application Security will lead a globally distributed, growing team of Security Analysts, Engineers, Researchers, and Managers and will report to the Vice President of Security.
- Manage a growing organization that includes Application Security, Security Development, Security Research, and Security Automation.
- Hire a world-class team of managers, security analysts, security engineers, and security researchers
- Secure our self-managed (on-prem) project and products: GitLab CE/EE
- Secure our user-facing SaaS: GitLab.com
- Assess and mitigate constantly changing threats
- Hold regular skip-level 1:1s with all members of your team
- Create a sense of psychological safety on your teams
- Drive technical and process improvements
- Drive quarterly OKRs
- Develop strategies that improve the security of our products and services
- Develop and maintain strategy for improving application and product security
- Promote new and innovative security features for GitLab’s product and services
- Develop a strategy for, and promote, secure coding practices across an engineering org
- Own and develop GitLab’s bug bounty strategy
- Evaluate and improve security of GitLab’s CI/CD pipeline
- Work to scope and plan key deliverables with business stakeholders and development teams to ensure successful delivery
- Build strong, collaborative partnerships with internal and external stakeholders
- Actively assess and evaluate new security technologies and threat intel to inform a robust roadmap
- Ensure our engineers and contributors from the wider community run a secure software development lifecycle for GitLab by training them in best practices and creating automated tools.
- Respond to security and service abuse incidents
- Evangelise GitLab Security and Values to staff, customers and prospects
- 8+ years of experience leading teams of Security Analysts, Engineers, Researchers, and Managers. Preferably, experience leading globally distributed teams
- Strong commitment to talent development, training and coaching to acquire and retain key security talent
- Significant application and SaaS security experience in production-level settings
- Familiarity with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
- Experience and understanding of common application security tools and technologies such as SAST, DAST and vulnerability scanning
- Considerable knowledge of operating SaaS products and services in a cloud space
- Experience with (managing) incident response.
- You share our values, and work in accordance with those values.
- Leadership at GitLab
- Ability to use GitLab
Security Management has the following job-family performance indicators.
- Hiring actual vs plan
- Handbook update frequency
- Team member retention
- HackerOne spend actual vs planned
To view the full job description and its compensation calculator, view our handbook. The compensation calculator can be found towards the bottom of the page.
Additional details about our process can be found on our hiring page.