Principal Security Engineer Application Security
@ GitLab

Hybrid
$150,000
Full Time
Posted 23 hours ago

Job Details

About GitLab

GitLab is an open-core software company offering an AI-powered DevSecOps Platform used by over 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world.

Role Overview

The Principal Security Engineer Application Security role is part of the Application Security + Response team. In this role, you will drive complex security engineering solutions, perform in-depth security reviews, and contribute to robust product designs to ensure the delivery of secure software.

What You Will Do

  • Drive the resolution of systemic vulnerability classes and mitigations.
  • Conduct application security reviews and threat modeling.
  • Perform vulnerability research and controlled PoC exploit demonstrations.
  • Establish secure development practices and technical security leadership.
  • Contribute to long-term security architecture and strategic product design.

What You Will Bring

  • 8+ years in Application Security or Vulnerability Research.
  • Expert knowledge in identifying and remediating security defects.
  • Programming experience in Ruby, Ruby on Rails, Go, TypeScript, and familiarity with GraphQL APIs.
  • Deep understanding of OWASP Top 10, STRIDE, CVSS, and Threat Modeling.
  • Experience with code review, static/dynamic analysis, and penetration testing.
  • Excellent communication skills and ability to influence at executive levels.

Benefits & Work Environment

GitLab offers full remote work, flexible paid time off, growth budgets, equity compensation, and more. Our high-performance culture values contributions and continuous learning.

Key skills/competencies

  • Application Security
  • Vulnerability Research
  • Threat Modeling
  • Secure Coding
  • Incident Response
  • CI/CD Security
  • Code Analysis
  • Risk Assessment
  • Technical Leadership
  • Collaboration

How to Get Hired at GitLab

🎯 Tips for Getting Hired

  • Customize your resume: Highlight security engineering and threat modeling skills.
  • Research GitLab: Understand their remote work culture and values.
  • Emphasize programming skills: Focus on Ruby, Go, and TypeScript experience.
  • Prepare for technical interviews: Study vulnerability research and secure coding.

📝 Interview Preparation Advice

Technical Preparation

  • Review secure coding best practices.
  • Practice threat modeling exercises.
  • Study static and dynamic analysis tools.
  • Refresh programming languages relevant to security.

Behavioral Questions

  • Discuss team conflict resolution examples.
  • Describe handling deadlines under pressure.
  • Explain adapting to new security challenges.
  • Share experience influencing leadership decisions.
