Senior Security Engineer, Application Security (APAC)
GitLab
Senior Security Engineer, Application Security (APAC)
Job Description
About this Role
Join GitLab as a Senior Security Engineer in Application Security, safeguarding the world's leading AI-powered DevSecOps platform.
Empower teams to deliver secure software at unprecedented velocity while co-creating the future of development.
Dive into the heart of innovation at a company whose mission is to enable everyone to contribute to software that powers our world.
Experience the thrill of preventing vulnerabilities in real-time, ensuring customers trust every line of code.
Collaborate with elite engineers on cutting-edge products like Duo Enterprise and Duo Agent Platform.
Embrace AI as your daily productivity ally, accelerating impact in a high-performance culture.
Break down barriers between security, development, and operations for seamless, secure innovation.
Drive human progress by securing the platform that transforms consumers into contributors.
Thrive in an environment where values fuel continuous learning and every voice shapes the future.
Secure your career trajectory while protecting the software supply chain of tomorrow's giants.
Locations
- APAC (Remote)
Salary
Salary details available upon request
85,000 - 140,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Ruby on Railsintermediate
- Go programmingintermediate
- Shell scriptingintermediate
- OWASP Top 10intermediate
- STRIDE threat modelingintermediate
- CVSS scoringintermediate
- SAST and DAST toolsintermediate
- Application Penetration Testingintermediate
- Code reviewintermediate
- Software supply chain securityintermediate
Required Qualifications
- Bachelor's degree or equivalent in Computer Science or practical technical education (experience)
- 5+ years professional experience in IT, technical support, or engineering (experience)
- Deep understanding of computer code and remediation of security defects like race conditions (experience)
- Programming experience in Ruby on Rails or Go for building and troubleshooting code (experience)
- Proficiency in shell scripting for automation and PoC exploits (experience)
- Strong knowledge of OWASP Top 10, STRIDE model, CVSS scoring, and Threat Modeling (experience)
- Experience with code review, threat modeling, SAST, DAST, and attack surface analysis (experience)
- Hands-on Application Penetration Testing or Vulnerability Research experience (experience)
- Expertise in software architecture design and system security (experience)
- Familiarity with security libraries, controls, and flaws in Ruby on Rails applications (experience)
Preferred Qualifications
- Experience discovering SQLi, XSS, CSRF, SSRF, and auth flaws (experience)
- Demonstrated ability to learn new cloud and web app security concepts (experience)
- Flexible communication skills for technical and non-technical audiences (experience)
- Proficiency in English for written and verbal collaboration (experience)
- Comfortable navigating ambiguity with a constructive problem-solving approach (experience)
- Background in bug bounty hunting (experience)
- Knowledge of secure development practices and Paved Roads approach (experience)
- Experience securing software supply chains (experience)
- Ability to drive team maturity in processes and automations (experience)
- Inclusive mindset fostering clarity across multiple teams (experience)
Responsibilities
- Conduct security-focused design reviews, threat modeling, code reviews, and testing
- Demonstrate real exploitation impacts in controlled environments
- Propose and establish secure development practices and Paved Roads
- Develop security standards to enable high-velocity secure feature delivery
- Contribute directly to securing the GitLab product
- Secure the software supply chain and enhance workflows
- Identify and drive maturity opportunities in processes and automations
- Perform application penetration testing and vulnerability research
- Collaborate with product and engineering teams on security remediation
- Automate security workflows using scripting and tools
Benefits
- general: Comprehensive benefits supporting health, finances, and well-being
- general: Flexible Paid Time Off policy
- general: Team Member Resource Groups for belonging and support
- general: Equity Compensation and Employee Stock Purchase Plan
- general: Growth and Development Fund for professional advancement
- general: Generous Parental Leave
- general: Home office support and equipment
- general: High-performance culture with continuous knowledge exchange
- general: Opportunities to collaborate with industry leaders
- general: AI-driven productivity tools integrated into daily workflows
Tags & Categories
Senior Security Engineer, Application Security (APAC)
GitLab
Senior Security Engineer, Application Security (APAC)
Job Description
About this Role
Join GitLab as a Senior Security Engineer in Application Security, safeguarding the world's leading AI-powered DevSecOps platform.
Empower teams to deliver secure software at unprecedented velocity while co-creating the future of development.
Dive into the heart of innovation at a company whose mission is to enable everyone to contribute to software that powers our world.
Experience the thrill of preventing vulnerabilities in real-time, ensuring customers trust every line of code.
Collaborate with elite engineers on cutting-edge products like Duo Enterprise and Duo Agent Platform.
Embrace AI as your daily productivity ally, accelerating impact in a high-performance culture.
Break down barriers between security, development, and operations for seamless, secure innovation.
Drive human progress by securing the platform that transforms consumers into contributors.
Thrive in an environment where values fuel continuous learning and every voice shapes the future.
Secure your career trajectory while protecting the software supply chain of tomorrow's giants.
Locations
- APAC (Remote)
Salary
Salary details available upon request
85,000 - 140,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Ruby on Railsintermediate
- Go programmingintermediate
- Shell scriptingintermediate
- OWASP Top 10intermediate
- STRIDE threat modelingintermediate
- CVSS scoringintermediate
- SAST and DAST toolsintermediate
- Application Penetration Testingintermediate
- Code reviewintermediate
- Software supply chain securityintermediate
Required Qualifications
- Bachelor's degree or equivalent in Computer Science or practical technical education (experience)
- 5+ years professional experience in IT, technical support, or engineering (experience)
- Deep understanding of computer code and remediation of security defects like race conditions (experience)
- Programming experience in Ruby on Rails or Go for building and troubleshooting code (experience)
- Proficiency in shell scripting for automation and PoC exploits (experience)
- Strong knowledge of OWASP Top 10, STRIDE model, CVSS scoring, and Threat Modeling (experience)
- Experience with code review, threat modeling, SAST, DAST, and attack surface analysis (experience)
- Hands-on Application Penetration Testing or Vulnerability Research experience (experience)
- Expertise in software architecture design and system security (experience)
- Familiarity with security libraries, controls, and flaws in Ruby on Rails applications (experience)
Preferred Qualifications
- Experience discovering SQLi, XSS, CSRF, SSRF, and auth flaws (experience)
- Demonstrated ability to learn new cloud and web app security concepts (experience)
- Flexible communication skills for technical and non-technical audiences (experience)
- Proficiency in English for written and verbal collaboration (experience)
- Comfortable navigating ambiguity with a constructive problem-solving approach (experience)
- Background in bug bounty hunting (experience)
- Knowledge of secure development practices and Paved Roads approach (experience)
- Experience securing software supply chains (experience)
- Ability to drive team maturity in processes and automations (experience)
- Inclusive mindset fostering clarity across multiple teams (experience)
Responsibilities
- Conduct security-focused design reviews, threat modeling, code reviews, and testing
- Demonstrate real exploitation impacts in controlled environments
- Propose and establish secure development practices and Paved Roads
- Develop security standards to enable high-velocity secure feature delivery
- Contribute directly to securing the GitLab product
- Secure the software supply chain and enhance workflows
- Identify and drive maturity opportunities in processes and automations
- Perform application penetration testing and vulnerability research
- Collaborate with product and engineering teams on security remediation
- Automate security workflows using scripting and tools
Benefits
- general: Comprehensive benefits supporting health, finances, and well-being
- general: Flexible Paid Time Off policy
- general: Team Member Resource Groups for belonging and support
- general: Equity Compensation and Employee Stock Purchase Plan
- general: Growth and Development Fund for professional advancement
- general: Generous Parental Leave
- general: Home office support and equipment
- general: High-performance culture with continuous knowledge exchange
- general: Opportunities to collaborate with industry leaders
- general: AI-driven productivity tools integrated into daily workflows
Tags & Categories