Principal Security Engineer, Application Security
GitLab
Principal Security Engineer, Application Security
Job Description
About this Role
Join GitLab as a Principal Security Engineer, Application Security, shaping the future of secure software development.
Empower teams to deliver trusted, high-quality software through proactive vulnerability prevention and response.
Drive strategic security solutions in an AI-powered DevSecOps platform that accelerates human progress.
Co-create innovative security practices within a mission-driven company uniting global contributors.
Lead complex threat modeling and vulnerability research to safeguard the entire software development lifecycle.
Thrive in a high-performance culture where AI boosts productivity and every voice drives impact.
Collaborate with elite engineers to redefine secure development at unprecedented velocity.
Influence long-term security architecture and respond decisively to critical incidents.
Experience career acceleration amid continuous learning and industry-leading innovation.
Be part of a values-driven team breaking barriers and enabling secure, collaborative software creation.
Locations
- APAC, Remote, EMEA, Remote, North America, Remote, US (Remote)
Salary
Salary details available upon request
180,000 - 300,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Ruby programmingintermediate
- Ruby on Railsintermediate
- Go programmingintermediate
- TypeScriptintermediate
- GraphQL APIsintermediate
- OWASP Top 10intermediate
- STRIDE threat modelingintermediate
- CVSS scoringintermediate
- SAST and DAST toolsintermediate
- CI/CD Pipeline securityintermediate
Required Qualifications
- 8+ years professional experience in Application Security or Vulnerability Research (experience)
- Expert level understanding of computer code and detecting security defects like race conditions (experience)
- Programming experience in Ruby, Ruby on Rails, Go, TypeScript, and familiarity with GraphQL APIs (experience)
- Expert knowledge of OWASP Top 10, STRIDE model, CVSS scoring, and Threat Modeling (experience)
- Experience with code review, threat modeling, SAST, DAST, and attack surface analysis (experience)
- Strong knowledge of CI/CD Pipeline security, supply chain security, and API security (experience)
- Ability to discover and fix SQLi, XSS, CSRF, SSRF, authentication, and authorization flaws (experience)
- Subject matter expertise on software architecture design and system security (experience)
- Flexible communication skills for technical and nontechnical audiences (experience)
- Demonstrated ability to influence security decisions at executive levels (experience)
Preferred Qualifications
- Experience in Application Penetration Testing (experience)
- Vulnerability Research or Bug Bounty Hunting background (experience)
- Experience coaching and mentoring junior engineers (experience)
- Proficiency in developing proof-of-concept exploits (experience)
- Advanced skills in fix validation for security issues (experience)
- Deep expertise in web-based vulnerability remediation (experience)
- Leadership in security crisis and incident response (experience)
- Contributions to secure development standards (experience)
- Familiarity with coordinated vulnerability disclosure (experience)
- Proven track record in systemic vulnerability mitigation (experience)
Responsibilities
- Drive resolution of systemic vulnerability classes across the GitLab platform
- Perform complex application security reviews and threat modeling
- Conduct vulnerability research with proof-of-concept exploitation
- Demonstrate technical leadership in secure development practices
- Provide leadership during security crisis and incident response
- Contribute to long-term security architecture and product design
- Establish Paved Roads and security standards for engineering teams
- Collaborate with product teams to prevent vulnerability introduction
- Assess and respond to reported security vulnerabilities
- Support high-velocity delivery of secure software features
Benefits
- general: Comprehensive benefits supporting health, finances, and well-being
- general: Flexible Paid Time Off policy
- general: Team Member Resource Groups for inclusion and belonging
- general: Equity Compensation and Employee Stock Purchase Plan
- general: Growth and Development Fund for professional advancement
- general: Generous Parental Leave
- general: Home office support and equipment
- general: Continuous knowledge exchange and learning opportunities
- general: High-performance culture with career acceleration
- general: Collaboration with industry leaders on complex challenges
Tags & Categories
Answer 10 quick questions to check your fit for Principal Security Engineer, Application Security @ GitLab.
Related Books and Jobs
Principal Security Engineer, Application Security
GitLab
Principal Security Engineer, Application Security
Job Description
About this Role
Join GitLab as a Principal Security Engineer, Application Security, shaping the future of secure software development.
Empower teams to deliver trusted, high-quality software through proactive vulnerability prevention and response.
Drive strategic security solutions in an AI-powered DevSecOps platform that accelerates human progress.
Co-create innovative security practices within a mission-driven company uniting global contributors.
Lead complex threat modeling and vulnerability research to safeguard the entire software development lifecycle.
Thrive in a high-performance culture where AI boosts productivity and every voice drives impact.
Collaborate with elite engineers to redefine secure development at unprecedented velocity.
Influence long-term security architecture and respond decisively to critical incidents.
Experience career acceleration amid continuous learning and industry-leading innovation.
Be part of a values-driven team breaking barriers and enabling secure, collaborative software creation.
Locations
- APAC, Remote, EMEA, Remote, North America, Remote, US (Remote)
Salary
Salary details available upon request
180,000 - 300,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Ruby programmingintermediate
- Ruby on Railsintermediate
- Go programmingintermediate
- TypeScriptintermediate
- GraphQL APIsintermediate
- OWASP Top 10intermediate
- STRIDE threat modelingintermediate
- CVSS scoringintermediate
- SAST and DAST toolsintermediate
- CI/CD Pipeline securityintermediate
Required Qualifications
- 8+ years professional experience in Application Security or Vulnerability Research (experience)
- Expert level understanding of computer code and detecting security defects like race conditions (experience)
- Programming experience in Ruby, Ruby on Rails, Go, TypeScript, and familiarity with GraphQL APIs (experience)
- Expert knowledge of OWASP Top 10, STRIDE model, CVSS scoring, and Threat Modeling (experience)
- Experience with code review, threat modeling, SAST, DAST, and attack surface analysis (experience)
- Strong knowledge of CI/CD Pipeline security, supply chain security, and API security (experience)
- Ability to discover and fix SQLi, XSS, CSRF, SSRF, authentication, and authorization flaws (experience)
- Subject matter expertise on software architecture design and system security (experience)
- Flexible communication skills for technical and nontechnical audiences (experience)
- Demonstrated ability to influence security decisions at executive levels (experience)
Preferred Qualifications
- Experience in Application Penetration Testing (experience)
- Vulnerability Research or Bug Bounty Hunting background (experience)
- Experience coaching and mentoring junior engineers (experience)
- Proficiency in developing proof-of-concept exploits (experience)
- Advanced skills in fix validation for security issues (experience)
- Deep expertise in web-based vulnerability remediation (experience)
- Leadership in security crisis and incident response (experience)
- Contributions to secure development standards (experience)
- Familiarity with coordinated vulnerability disclosure (experience)
- Proven track record in systemic vulnerability mitigation (experience)
Responsibilities
- Drive resolution of systemic vulnerability classes across the GitLab platform
- Perform complex application security reviews and threat modeling
- Conduct vulnerability research with proof-of-concept exploitation
- Demonstrate technical leadership in secure development practices
- Provide leadership during security crisis and incident response
- Contribute to long-term security architecture and product design
- Establish Paved Roads and security standards for engineering teams
- Collaborate with product teams to prevent vulnerability introduction
- Assess and respond to reported security vulnerabilities
- Support high-velocity delivery of secure software features
Benefits
- general: Comprehensive benefits supporting health, finances, and well-being
- general: Flexible Paid Time Off policy
- general: Team Member Resource Groups for inclusion and belonging
- general: Equity Compensation and Employee Stock Purchase Plan
- general: Growth and Development Fund for professional advancement
- general: Generous Parental Leave
- general: Home office support and equipment
- general: Continuous knowledge exchange and learning opportunities
- general: High-performance culture with career acceleration
- general: Collaboration with industry leaders on complex challenges
Tags & Categories
Answer 10 quick questions to check your fit for Principal Security Engineer, Application Security @ GitLab.
Related Books and Jobs