GitLab

1001-5000 employees

Software Development
DevOps
Cloud Computing
Information Technology
About GitLab

GitLab is a comprehensive DevOps platform delivered as a single application, enabling organizations to manage the entire software development lifecycle from planning and source code management to CI/CD, monitoring, and security. Founded in 2014, GitLab's mission is to make it possible for everyone to contribute to software development by providing a collaborative, open-source platform that supports remote work and transparency. The company offers a cloud-based and self-managed solution that integrates with various tools to streamline development workflows, improve productivity, and accelerate software delivery. GitLab is publicly traded on NASDAQ under the symbol GTLB and serves a global customer base ranging from startups to large enterprises.

1 month ago

Principal Security Engineer

Full-time
Lead
Security Engineer


Description
  • GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating human progress. Our platform unites teams and organizations, breaking down barriers and redefining what's possible in software development. Thanks to products like Duo Enterprise and Duo Agent Platform, customers get AI benefits at every stage of the SDLC.
  • The Application Security + Response (ASR) subdepartment works with GitLab engineers and product teams to anticipate and prevent vulnerabilities during design and development, ensuring high-quality, trustworthy software. The Principal Application Security Engineer reports to the Senior Director of Application Security + Response and drives strategic security engineering solutions.
  • Responsibilities include resolving systemic vulnerabilities, performing security reviews and threat modeling, conducting vulnerability research, demonstrating proof-of-concept exploits, establishing secure development practices, providing security leadership during crises, and contributing to long-term security architecture and product design.
  • Qualifications include 8+ years in Application Security or Vulnerability Research, expert knowledge of security concepts (OWASP, STRIDE, CVSS, Threat Modeling), programming skills in Ruby, Go, TypeScript, familiarity with GraphQL APIs, experience with code review, static/dynamic analysis, attack surface analysis, and web vulnerabilities (SQLi, XSS, CSRF, SSRF). Strong communication skills, leadership ability, and experience coaching junior engineers are essential.
  • GitLab offers benefits supporting health, finances, and well-being, including flexible paid time off, resource groups, equity compensation, development funds, parental leave, and home office support. The role is remote, with eligibility depending on location, and the company is committed to diversity and inclusion.


Requirements
  • Ability to use GitLab effectively
  • Bachelor's degree or equivalent in Computer Science or related practical education
  • 8+ years professional experience in Application Security or Vulnerability Research
  • Expert-level understanding of security defects, race conditions, and their remediation
  • Programming experience in Ruby, Ruby on Rails, Go, TypeScript, and familiarity with GraphQL APIs
  • Knowledge of OWASP Top 10, STRIDE, CVSS, and Threat Modeling
  • Experience with code review, threat modeling, SAST, DAST, attack surface analysis, penetration testing, or bug bounty hunting
  • Strong knowledge of CI/CD pipeline security, supply chain security, and API security
  • Ability to identify and fix SQLi, XSS, CSRF, SSRF, and auth flaws
  • Subject matter expertise in software architecture and system security
  • Effective communication skills in English
  • Critical and creative thinking, problem-solving, and ability to navigate ambiguity
  • Ability to influence security decisions at leadership levels
  • Experience coaching junior engineers


Benefits
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental leave
  • Home office support