Staff Security Engineer, GitLab

Product Security Risk & Metrics

Salary not provided
Tableau
Power BI
JIRA
Asana
Senior and Expert level
Remote from Canada, Europe, UK
GitLab

One DevOps platform

Job no longer available

GitLab

One DevOps platform

1001+ employees

B2BSaaSDevOps

Job no longer available

Salary not provided
Tableau
Power BI
JIRA
Asana
Senior and Expert level
Remote from Canada, Europe, UK

1001+ employees

B2BSaaSDevOps

Company mission

To make it so that everyone can contribute. When everyone can contribute, users become contributors and we greatly increase the rate of innovation.

Role

Who you are

  • The ideal candidate combines product security expertise, data analysis expertise, and strong stakeholder management skills to build frameworks that enhance visibility, prioritization, and progress tracking of our product security initiatives
  • 5+ years of experience in product security, DevSecOps, security risk management, data analytics, or related technical roles
  • Demonstrated understanding of secure development practices and product security risks
  • Proven experience developing and implementing security metrics, KRIs, and risk dashboards that drive organizational outcomes
  • Proven ability to translate complex security concepts into actionable data and visualizations
  • Proficiency with data visualization and analysis tools (e.g., Tableau, Power BI, or similar)
  • Proficiency in designing workflows and scalable labeling systems in development ticketing systems like GitLab, Jira, Asana, etc
  • Strong analytical skills with ability to collect, organize, and derive insights from complex data sets
  • Experience with automation and scripting for data collection and reporting
  • Proven ability to manage cross-functional stakeholders, drive consensus, and navigate competing priorities
  • Excellent written and verbal communication skills with the ability to present complex data in accessible formats

Desirable

  • Experience working directly with product and engineering teams on security initiatives
  • Familiarity with GitLab and its DevSecOps capabilities
  • Prior experience specifically with security risk registers or vulnerability management programs
  • Prior experience with threat modeling, security reviews, or pentesting
  • Security certifications such as CISSP, CISM, CRISC, CRM, etc
  • Project management certifications like PMP
  • Experience with risk assessment methodologies and frameworks such as NIST RMF, FAIR, ISO 31000, etc
  • Knowledge of compliance frameworks such as FedRAMP, SOC 2, ISO 27001, PCI-DSS, TISAX, etc
  • Experience working in a rapidly scaling technology company

What the job involves

  • We are seeking a Staff Security Engineer to join our Security Architecture team with a specialized focus on product security risk and metrics engineering
  • This position will develop specialized Key Risk Indicators (KRIs), design data collection systems, and create data visualizations that demonstrate our product security posture improvements, measure Product Security teams’ strategic and operational effectiveness, and drive data-informed security decisions
  • This engineer will also operationalize our Product Security Risk Register and drive cross-functional alignment across Security, Engineering, and Product stakeholders to ensure buy-in and commitment to risk reduction initiatives
  • Create and maintain Key Risk Indicators (KRIs) specifically designed to measure, monitor, and communicate product security risk levels
  • Engineer tracking systems and data visualizations that monitor remediation progress and provide visibility into risk reduction initiatives
  • Apply data analysis techniques to identify trends and patterns in product security risk data to inform proactive risk management
  • Design and implement robust metrics collection systems that accurately measure both strategic and operational effectiveness for all Product Security teams
  • Build and maintain the operational systems for the Product Security Risk Register, focusing on efficient workflows and data collection
  • Manage operational cadences including the monthly risk review process and action item tracking workflows
  • Facilitate cross-team collaboration to ensure risk reduction efforts are properly coordinated and tracked
  • Drive cross-functional alignment between Security, Engineering, Product, and other stakeholders to ensure buy-in and commitment to risk reduction initiatives
  • Work alongside the Security Risk Team to ensure product-specific risk tracking aligns with broader operational and enterprise risk management programs while maintaining distinct focus areas
  • Serve as the central coordinator for the Product Security Risk Register operations, related metrics collection, and stakeholder reporting within the Security Architecture team

Share this job

View 94 more jobs at GitLab

Insights

Top investors

15% employee growth in 12 months

Company

Company benefits

  • We offer benefits to manage your health, wealth, and well-being regardless of location
  • Flexibility in schedule to be there for life’s important moments
  • Equity compensation & Employee Stock Purchase Plan offered
  • Generous Paid Time Off

Funding (last 2 of 8 rounds)

Sep 2019

$268m

SERIES E

Dec 2018

$20m

SERIES D

Total funding: $434.1m

Our take

GitLab is an open-source collaboration platform for developers. It enables teams to build code quickly from anywhere without compromising on security or quality. GitLab already has an estimated 30M+ users from all over the world.

According to a 2021 GitLab report, 60% of developers can release code 2x faster with DevOps platforms that bring teams together and accelerate processes. It stands out by catering to programmers of all experiences. Gitlab's version control system helps streamline the process of creating, maintaining, and deploying code, whoever you are.

GitLab was in the right place to capitalize on the recent trend toward rapid digital transformation and remote working. This trend is expected to continue to grow, and with it, GitLab's popularity. With its successful 2021 IPO and the patronage of major brands such as Nasdaq and Jaguar Land Rover, GitLab is expected to solidify its position as the go-to platform for development teams.

Kirsty headshot

Kirsty

Company Specialist at Welcome to the Jungle