Senior Infrastructure Security Engineer

Overview of the Role: Senior Infrastructure Security Engineer at GitLab

As a Senior Infrastructure Security Engineer within GitLab's Product Security Department, you will join the Infrastructure Security Team. Your primary responsibility will be to collaborate with various teams across GitLab, ensuring that our public cloud infrastructure components are built with the inherent resiliency and security that our customers depend on for their DevSecOps objectives.

This senior position involves leading cross-team infrastructure security initiatives aimed at strengthening GitLab's SaaS Platforms (e.g., GitLab Dedicated, Cells) and Self-Managed offerings. You will be responsible for designing and implementing security solutions, while also collaborating extensively with diverse stakeholders throughout GitLab. Your technical leadership and hands-on execution will be crucial in developing pragmatic security capabilities, enabling critical software factories globally to operate securely at scale.

What You’ll Do

• Lead cross-team infrastructure security initiatives from the initial design phase through to delivery, taking ownership of technical outcomes and stakeholder communication.
• Design and implement robust security solutions for cloud infrastructure, container platforms, and orchestration systems.
• Drive comprehensive security reviews for infrastructure changes, offering expert guidance and proactively identifying risks before they reach production environments.
• Develop secure patterns and create reference implementations to empower engineering teams to deploy secure infrastructure swiftly.
• Identify systemic security vulnerabilities within cloud, Kubernetes, and infrastructure configurations, then lead the remediation efforts across all affected systems.
• Partner closely with Site Reliability Engineering (SRE), Infrastructure, and other Engineering teams to seamlessly integrate security into platform services and deployment pipelines.
• Mentor and collaborate with engineers, actively supporting their professional development.
• Contribute significantly to the team's technical roadmap, pinpointing high-impact security improvements that align with broader business objectives.
• Fulfill the Product Security Division's mission of securing GitLab Infrastructure by utilizing GitLab's own product ('dogfooding').

What You’ll Bring

• Strong, demonstrated experience in securing cloud infrastructure at scale across major providers (AWS/GCP/Azure), including expertise in IAM, networking, compute, and storage services.
• Proficiency in multiple programming languages, such as Go, Python, and Ruby, with a proven ability to develop production-quality security tooling.
• Deep understanding of container security, Kubernetes hardening techniques, and best practices for orchestration platform security.
• Extensive experience with Infrastructure-as-Code (IaC) security, including tools like Terraform, Ansible, and CloudFormation, alongside expertise in policy-as-code and automated compliance.
• Experience with or a strong interest in leveraging Artificial Intelligence (AI) to automate processes and enhance efficiency.
• Proven experience leading technical initiatives across multiple teams, demonstrating the ability to drive consensus and deliver tangible results.
• A track record of successfully identifying security risks in complex systems and implementing effective mitigation strategies.
• Excellent written and verbal communication skills, capable of clearly explaining complex security trade-offs to both technical and non-technical audiences.
• Bonus: Experience in high-reliability domains (e.g., finance, healthcare, government, telecom).
• Bonus: Familiarity with regulatory and compliance frameworks (e.g., PCI-DSS, FedRAMP, ISO27001, SOC II).
• A commitment to sharing GitLab's values and working in accordance with those values.

Key skills/competency

• Cloud Security
• Kubernetes Security
• Infrastructure-as-Code (IaC)
• AWS/GCP/Azure
• IAM
• Network Security
• Container Security
• Go/Python/Ruby
• DevSecOps
• Security Architecture