Our mission is to be the most transparent security group in the world, with a results-oriented approach.
By embracing GitLab values and actively engaging with our customers, our staff, and our product, we enhance the security posture of our company, our products, and our client-facing services. The security department works cross-functionally inside and outside GitLab to meet these goals.
Blogs about Security @ GitLab:
Laurence Bierner, Director of Security Engineering & Research
The Security Engineering & Research sub-department is responsible for technical and engineering security specific to the GitLab product and to internally used systems and applications.
The Security Engineering & Research sub-department's mission is to support the business and ensure that all GitLab products securely manage customer data. We do this by:
- Working closely with engineering, product, infrastructure, and other security department teams
- Designing and deploying custom automated security solutions
- Conducting in-depth security-related research and assessments
- Transparently communicating important information externally to customers and the community alike
You can read about the team structure, mission, and vision in the Security Engineering & Research handbook.
Application Security Engineers work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure.
As an Application Security Engineer at GitLab, you will:
- participate in and support application security reviews and threat modeling, including code review and dynamic testing.
- own and perform application security vulnerability management.
- support the bug bounty program.
- facilitate and support the preparation of security releases.
- support and consult with product and development teams in the area of application security.
- assist in the creation of security training.
- assist in the development of automated security testing to validate that secure coding best practices are being followed.
You should apply if:
- you are familiar with common security libraries, security controls, and common security flaws.
- you have Ruby on Rails or Go development or scripting experience and skills.
- you have experience with OWASP resources, static/dynamic analysis, and common security tools.
- you have a basic understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, and HTTPS).
- you are familiar with cloud security controls and best practices.
- you have experience working with developers.
- you have excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- you have demonstrated the ability to onboard and integrate with an organization long-term. Within the last 5 years, you've worked at one company for at least 2 years.
- you have demonstrated the ability to work closely with other parts of the organization.
- you are able to thrive in a fully remote organization.
- you are able to use GitLab.
- you share our values, and work in accordance with those values.