Senior PSIRT Security Engineer

November 12


GitLab

Artificial Intelligence • Enterprise • SaaS

GitLab is the most comprehensive AI-powered DevSecOps platform, offering tools for automated software delivery, security, and compliance throughout the software development lifecycle. It provides solutions across areas such as AI-assisted development, continuous integration/continuous deployment (CI/CD), source code management, and vulnerability management. GitLab aims to simplify and accelerate software delivery by uniting development, security, and operations on a unified platform. It is particularly recognized for its AI code assistants and has been named a leader in the Gartner Magic Quadrant™ for DevOps Platforms, making it a preferred choice for many enterprises.

1001 - 5000 employees

Founded 2014


💰 Secondary Market on 2020-11

📋 Description

• Reproduce, assess, and document vulnerabilities, perform variant hunting, and contribute to exploitability research on security issues reported in GitLab’s products and services.
• Support and consult with product and development teams on effective vulnerability remediation and mitigation.
• Independently validate vulnerability fixes prior to release.
• Support security release preparation activities.
• Automate vulnerability triage-related tasks and collaborate to mature team processes and documentation.

🎯 Requirements

• 5+ years of experience managing vulnerability triage, remediation, and disclosure in a software security context, such as through a PSIRT, bug bounty program, or security response team.
• Strong understanding, and effective communication, of code security and how to detect and remediate various classes of security defects and logic vulnerabilities.
• Programming or scripting experience (Ruby, Ruby on Rails, TypeScript, JavaScript, and/or Go preferred), and an ability to read and understand code for fix validation and root cause analysis purposes.
• Comfortable in shell scripting to automate recurring work or build PoC exploits.
• Experience performing Application Penetration Testing or Vulnerability Research / Bug Bounty Hunting. (Ability to discover and identify fixes for SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities is a plus.)
• Understanding of common security vulnerabilities and security impact frameworks (e.g., OWASP Top 10, STRIDE) as well as common security frameworks and standards (CVE, CWE, CVSS, etc.).
• Demonstrated ability to learn new technical concepts in cloud and web application security assessment.
• Flexible, effective, and inclusive communication skills that create clarity; you will collaborate with technical and non-technical audiences across multiple teams on security bug types and how to mitigate or remediate security issues.
• Demonstrated critical and creative thinking, while also being an effective member of a team.
• You’re comfortable using Git, and have the ability to use GitLab effectively.
• Experience with standard web application security tools such as Burp Suite.
• Flexible and constructive approach to problem solving that helps you navigate ambiguity and drive results.
• Proficiency in the English language, both written and verbal, sufficient for success in a remote and largely asynchronous work environment.

🏖️ Benefits

• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support
