Job Description

Locations

• Americas (Remote)

Salary

Skills Required

• Ruby on Railsintermediate
• Go programmingintermediate
• Shell scriptingintermediate
• OWASP Top 10intermediate
• STRIDE threat modelingintermediate
• CVSS scoringintermediate
• SAST and DAST toolsintermediate
• Application penetration testingintermediate
• Code review and analysisintermediate
• Software supply chain securityintermediate

Required Qualifications

• Bachelor's degree or equivalent in Computer Science or practical technical education (experience)
• 5+ years professional experience in IT, technical support, or engineering (experience)
• Deep understanding of computer code and remediation of security defects like race conditions (experience)
• Programming experience in Ruby on Rails or Go for building and troubleshooting code (experience)
• Proficiency in shell scripting for automation and PoC exploit development (experience)
• Strong knowledge of OWASP Top 10, STRIDE model, CVSS scoring, and Threat Modeling (experience)
• Experience with code review, threat modeling, SAST, DAST, and attack surface analysis (experience)
• Hands-on Application Penetration Testing or Vulnerability Research experience (experience)
• Expertise in software architecture design and system security (experience)
• Familiarity with security libraries, controls, and flaws in Ruby on Rails applications (experience)

Preferred Qualifications

• Experience securing software supply chains and improving security workflows (experience)
• Ability to drive team maturity in processes, metrics, workflows, and automations (experience)
• Demonstrated quick learning of new cloud and web application security concepts (experience)
• Inclusive communication skills for technical and nontechnical audiences (experience)
• Proficiency in English for clear written and verbal collaboration (experience)
• Comfortable navigating ambiguity with a flexible problem-solving approach (experience)
• Background in bug bounty hunting for web vulnerabilities like SQLi, XSS, CSRF (experience)
• Experience contributing directly to open-core product development (experience)
• Knowledge of AI integration in security workflows for efficiency (experience)
• Proven track record in high-velocity secure development practices (experience)

Responsibilities

• Conduct security-focused design reviews, threat modeling, code reviews, and testing
• Demonstrate real exploitation impacts in controlled environments
• Propose and establish secure development practices and Paved Roads standards
• Identify security standards to support high-velocity feature delivery
• Directly contribute to securing and enhancing the GitLab product
• Secure the software supply chain and improve related workflows
• Drive team maturity opportunities in processes, metrics, and automations
• Perform application penetration testing and vulnerability research
• Collaborate across teams to mitigate and remediate security issues
• Provide subject matter expertise on architecture and system security

Benefits

• general: Competitive base salary with equity compensation and stock purchase plan
• general: Flexible Paid Time Off to support work-life balance
• general: Comprehensive health, dental, and vision insurance coverage
• general: 401(k) matching and financial wellness programs
• general: Generous parental leave policies
• general: Home office setup and equipment support
• general: Team Member Resource Groups for inclusion and belonging
• general: Growth and Development Fund for professional advancement
• general: Learning and development opportunities with industry leaders
• general: All-team summits and continuous knowledge exchange events

Tags & Categories