Senior Security Engineer, Application Security
@ GitLab

Hybrid
$150,000
Full Time
Posted 23 days ago

Job Details

About GitLab and the Role

GitLab is an open-core software company delivering the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. GitLab's mission is to enable everyone to contribute to and co-create the software that powers our world. The company fosters a high-performance, remote, and asynchronous work culture where every voice is valued.

An Overview Of The Role

The Senior Security Engineer, Application Security will work closely with GitLab engineers and product teams to anticipate and mitigate potential vulnerabilities early in the software development lifecycle. This role is essential in ensuring that GitLab customers receive high-quality, secure software.

What You Will Do

  • Conduct security-focused application design, architecture reviews, threat modeling, code reviews, and security testing assessments.
  • Propose and establish secure development practices and security standards to support rapid feature delivery.
  • Contribute directly to the GitLab product by engaging in customer feedback and refining platform features.
  • Secure the software supply chain by improving security workflows and automations.
  • Drive team maturity through process, metrics, and automation improvements.

What You’ll Bring

A strong technical background with 5+ years of professional experience in computer technology, a deep understanding of computer code and security vulnerabilities, and programming experience in Ruby on Rails or Go. Experience in shell scripting, application security concepts (OWASP, STRIDE, CVSS), penetration testing, vulnerability research, and standard web application security tools is essential. Excellent communication skills and familiarity with Git are also required.

How GitLab Will Support You

  • Comprehensive benefits covering health, finances, and well-being.
  • Remote, asynchronous work environment offering flexibility and paid time off.
  • Growth and development budget with equity and stock purchase opportunities.
  • Support via team resource groups, parental leave, and home office assistance.

Key Skills/Competency

  • Application Security
  • Threat Modeling
  • Code Review
  • Penetration Testing
  • DevSecOps
  • Ruby on Rails
  • Go
  • Shell Scripting
  • Security Standards
  • Automation

How to Get Hired at GitLab

🎯 Tips for Getting Hired

  • Research GitLab's culture: Understand their remote and inclusive work values.
  • Customize your resume: Highlight security engineering and DevSecOps experience.
  • Showcase relevant skills: Emphasize application security, threat modeling, and penetration testing.
  • Prepare for technical interviews: Practice coding, security assessments, and design reviews.

📝 Interview Preparation Advice

Technical Preparation

  • Review threat modeling frameworks and security standards.
  • Practice code review and vulnerability analysis exercises.
  • Familiarize yourself with security tools like Burp Suite and Brakeman.
  • Study secure coding practices in Ruby and Go.

Behavioral Questions

  • Describe a challenging security project experience.
  • Explain your remote collaboration and communication style.
  • Share an instance of resolving project conflict.
  • Discuss adaptability when facing ambiguous requirements.
