Intermediate Security Engineer, Vulnerability Management

An overview of this role

The GitLab Vulnerability Management team is responsible for building and executing on an efficient, impactful vulnerability management program across GitLab’s product and service offerings. We are looking for an automation-focused security engineer to join us to execute on our vulnerability management program in the FedRAMP environment, and to help us continue to build a world-class program. As an intermediate security engineer, you will manage and contribute to our vulnerability management tools, as well as work cross-functionally to help GitLab teams execute on the vulnerability management program. You will have the opportunity to learn about, and have impact upon the complete range of vulnerability types across our cloud environments and the GitLab product, with the goal of providing customers with a secure DevSecOps platform they can trust.

Find out more about the Vulnerability Management team and responsibilities here:

• Vulnerability Management
• Product Security

What You’ll Do  

• Support the development, implementation, and management of our vulnerability management tooling in the FedRAMP environment, ensuring all services meet FedRAMP requirements.
• Own and execute on a vulnerability management strategy across all GitLab cloud environments, our products, and their dependencies.
• Collaborate cross-functionally to define, communicate, and measure the patch management strategy.
• Provide the visibility and tooling necessary to continually assess and iterate on security best practices for our cloud environments and the Gitlab product.
• Create documentation such as runbooks and procedures 
• Support other Product Security efforts where practical.
• Support Security Operations in tracking new and emerging threats to our environments.
• Ensure the protection of both GitLab and GitLab customer data.

What You’ll Bring 

• Proof of U.S. citizenship and residency
• Ability to use GitLab
• Demonstrated experience in cloud security, vulnerability management, asset management and related topics.
• Development experience with Ruby, Go, Python.
• Demonstrated experience working collaboratively with cross-functional teams.
• Proficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical details.
• Share our values, and work in accordance with those values

About the team

At GitLab the Vulnerability Management team is responsible for identifying, prioritizing, tracking and communicating vulnerabilities and remediation advice for detected vulnerabilities that have  demonstrable impact to GitLab or our customers. We accomplish our mission with an automation first approach working closely with our Infrastructure, Engineering, Product, and Security teams to ensure adherence to the Gitlab Vulnerability Management Standard. Our scope encompasses GitLab’s infrastructure, software, packages, images and dependencies as defined in the handbook page,  What does Vulnerability Management cover at GitLab? 

How GitLab will support you

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and development budget 
• Parental leave 
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.