Job Description

Locations

• APAC, Remote, Canada, Remote, EMEA, Remote, US (Remote)

Salary

Skills Required

• Cloud infrastructure security (AWS/GCP/Azure)intermediate
• Kubernetes and container orchestration securityintermediate
• Secrets managementintermediate
• Certificate automationintermediate
• Security automation and toolingintermediate
• Threat modelingintermediate
• Distributed systems design and operationsintermediate
• SaaS platform securityintermediate
• Security frameworks (FedRAMP, ISO 27001, SOC 2, PCI-DSS)intermediate
• AI integration in workflowsintermediate

Required Qualifications

• Expert-level knowledge of security for cloud infrastructure (AWS/GCP/Azure) (experience)
• Deep expertise in container orchestration security (Kubernetes) (experience)
• Demonstrated ability to translate complex security concepts into actionable recommendations (experience)
• Principal-level technical leadership with strategy-setting and cross-organizational influence (experience)
• Extensive experience designing, developing, and operating large distributed systems in SaaS (experience)
• Track record of leading projects with ambiguous requirements delivering business impact (experience)
• History of driving technical strategy improving organization-wide security posture (experience)
• Understanding of security certifications and frameworks like FedRAMP, ISO 27001, SOC 2, PCI-DSS (experience)
• Experience with infrastructure and data security topics (experience)
• Alignment with GitLab's core values (experience)

Preferred Qualifications

• Experience with secrets management and certificate automation (experience)
• Background in security automation and tooling development (experience)
• Proven skills in threat modeling for complex infrastructure (experience)
• History of conducting comprehensive security reviews (experience)
• Expertise in networking, storage, and compute security (experience)
• Familiarity with AI integration in security workflows (experience)
• Experience mentoring senior engineers (experience)
• Knowledge of DevSecOps platform security (experience)
• Track record in reference implementations for standards adoption (experience)
• Ability to quantify architectural tradeoffs for leadership (experience)

Responsibilities

• Independently define multi-year security strategy for cloud infrastructure components
• Design and scope infrastructure security initiatives with actionable work streams
• Architect and implement security automation, frameworks, and foundational tooling
• Conduct and lead comprehensive security reviews and threat modeling
• Drive adoption of security standards through technical influence and enablement
• Quantify architectural tradeoffs into clear decisions for engineers and leadership
• Serve as the go-to expert providing authoritative technical guidance
• Mentor and develop engineers while modeling inclusive collaboration
• Fulfill Product Security mission by securing infrastructure with GitLab products
• Collaborate across teams to balance security with operational and business needs

Benefits

• general: Comprehensive benefits supporting health, finances, and well-being
• general: Flexible Paid Time Off policy
• general: Team Member Resource Groups for belonging and support
• general: Equity Compensation and Employee Stock Purchase Plan
• general: Growth and Development Fund for professional advancement
• general: Generous Parental Leave
• general: Home office support and equipment
• general: Continuous knowledge exchange and learning opportunities
• general: High-performance culture with valued voices
• general: Collaboration with industry leaders on impactful projects

Tags & Categories