Principal Security Engineer Application Security
@ GitLab

Hybrid
$150,000
Full Time
Posted 23 days ago

Job Details

About GitLab

GitLab is an open-core software company that develops an AI-powered DevSecOps Platform used by over 100,000 organizations. Their mission is to enable everyone to contribute to and co-create the software that powers our world.

Overview Of The Role

The Principal Security Engineer Application Security role works within the Application Security + Response (ASR) subdepartment. This team collaborates with GitLab engineers and product teams to anticipate, prevent, and remediate vulnerabilities, ensuring high-quality, secure software products.

Key Responsibilities

  • Drive resolution of systemic vulnerabilities and perform complex security reviews.
  • Conduct vulnerability research and proof-of-concept exploit demonstrations.
  • Provide technical leadership in security crisis situations and major incident response.
  • Establish secure development practices, standards, and threat modeling practices.
  • Contribute to long-term security architecture and strategic product design.

What You’ll Bring

  • Effective use of GitLab and strong communication skills.
  • Bachelor's degree in Computer Science or equivalent practical education with 8+ years in Application Security.
  • Expertise in detecting and mitigating security defects with proficiency in Ruby, Go, TypeScript and GraphQL APIs.
  • Deep understanding of application security concepts (OWASP, STRIDE, CVSS, Threat Modeling).
  • Experience in code reviews, threat modeling, static/dynamic analysis, and vulnerability research.
  • Ability to influence security decisions and mentor junior engineers.

Benefits & GitLab Culture

GitLab supports health, finances, and well-being through an all-remote work environment, flexible paid time off, equity compensation, growth budgets, and home office support. They value inclusivity and encourage candidates with diverse backgrounds to apply.

Key skills/competency

  • Application Security
  • Vulnerability Research
  • Threat Modeling
  • Secure Coding
  • Incident Response
  • DevSecOps
  • CI/CD Security
  • Code Review
  • Risk Assessment
  • Technical Leadership

How to Get Hired at GitLab

🎯 Tips for Getting Hired

  • Customize your resume: Tailor skills and experience for GitLab.
  • Highlight security projects: Emphasize successful security engineering initiatives.
  • Prepare for technical interviews: Practice threat modeling and vulnerability research.
  • Show leadership: Demonstrate mentoring and cross-team communication.

📝 Interview Preparation Advice

Technical Preparation

  • Review secure coding practices.
  • Practice vulnerability research techniques.
  • Study threat modeling frameworks.
  • Refresh skills in Ruby and Go.

Behavioral Questions

  • Describe how you handle pressure during a security incident.
  • Explain how you collaborate in cross-functional teams.
  • Detail your experience mentoring junior engineers.
  • Share your experience influencing executive decisions.
