GitLab's DevOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 1,400+ team members and values that guide a culture where people embrace the belief that everyone can contribute.
This position reports to the VP of Security.
The Director, Security Operations is a grade 10.
- Secure our product, services (GitLab.com, package servers, other infrastructure), and company (laptops, email)
- Define and plan priorities for security related activities based on that risk analysis
- Determine appropriate combination of internal security efforts and external security efforts including bug bounty programs, external security audits (penetration testing, black box, white box testing)
- Analyze and advise on new security technologies
- Build and manage a team, which currently consists of Security Managers, Security Engineers, and Security Analysts
- Identify and fill positions
- Grow skills in team leads and team members, for example by creating training and testing materials
- Deliver input on promotions, function changes, demotions, and terminations
- Ensure our engineers and contributors from the wider community run a secure software development lifecycle for GitLab by training them in best practices and creating automated tools
- Involve in major security and service abuse events
- Ensure we're compliant with our legal and contractual security obligations
- Evangelise GitLab Security and Values to staff, customers and prospects
- Significant application and SaaS security experience in production-level settings
- This position does not require extensive development experience but the candidate should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
- Experience managing teams of engineers, and leading managers
- Experience with incident management
Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.
- Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
- Next, candidates will be invited to schedule an interview with VP of Security
- Candidates will then be invited to schedule separate 30 minute interviews with three members of the Security Organization
- Candidates will then be invited to schedule an interview with CTO of Engineering
- Successful candidates will subsequently be made an offer via email
Additional details about our process can be found on our hiring page.
Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.
GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.