Senior Security Engineer, Application Security

November 7

GitLab

Artificial Intelligence • Enterprise • SaaS

GitLab is the most comprehensive AI-powered DevSecOps platform, offering tools for automated software delivery, security, and compliance throughout the software development lifecycle. It provides solutions across areas such as AI-assisted development, continuous integration/continuous deployment (CI/CD), source code management, and vulnerability management. GitLab aims to simplify and accelerate software delivery by uniting development, security, and operations on a unified platform. It is particularly recognized for its AI code assistants and has been named a leader in the Gartner Magic Quadrant™ for DevOps Platforms, making it a preferred choice for many enterprises.

1001 - 5000 employees

Founded 2014

💰 Secondary Market on 2020-11

📋 Description

• Conduct security-focused application design and architecture reviews, threat modeling, code review, and security testing assessment.
• Propose and establish secure development practices; identify and develop Paved Roads and security standards that will support Product and Engineering teams to deliver secured features at a high velocity.
• Help secure GitLab, with GitLab. Directly contribute to the GitLab product by using and providing customer feedback on platform features, capabilities, scope and technology coverage.
• Secure our software supply chain and improve security workflows and controls of our supply chain security.
• Identify and drive our team’s maturity opportunities to enable scaling our internal process, metrics, workflows and automations as we continue to grow.

🎯 Requirements

• Bachelor's degree or equivalent in Computer Science or equivalent practical education (including technical bootcamp training programs) and experience.
• 5+ years professional experience in a computer technology field including IT, technical support, or engineering.
• Very good understanding of computer code and how to detect and remediate classes of security defects, race-condition-based logic vulnerabilities, etc.
• Programming experience in one or more coding languages, with a preference for Ruby on Rails or Go languages.
• Comfortable in shell scripting to automate recurring work or build PoC exploits.
• Strong knowledge of application security concepts such as OWASP Top 10 bug types, the STRIDE model, CVSS scoring, and Threat Modeling assessments.
• Experience with application security practices including code review, threat modeling, static and dynamic analysis (SAST, DAST), and attack surface analysis.
• Experience performing Application Penetration Testing or Vulnerability Research / Bug Bounty Hunting.
• Ability to provide subject matter expertise on software architecture design and system security.
• Familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications.
• Demonstrated ability to learn new technical concepts in cloud and web application security assessment.
• Flexible, effective, and inclusive communication skills that create clarity; you will collaborate with technical and nontechnical audiences across multiple teams on security bug types and how to mitigate or remediate security issues.
• Demonstrated critical and creative thinking, while also being an effective member of a team.
• You’re comfortable using Git.
• Experience with standard web application security tools such as Brakeman and BurpSuite.
• Flexible and constructive approach to problem solving that helps you navigate ambiguity and drive results.

🏖️ Benefits

• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support
