Application Security Engineer or Senior Application Security Engineer (US Federal)

| Remote
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

GitLab's DevOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 1,400+ team members and values that guide a culture where people embrace the belief that everyone can contribute.

This Application Security Engineer or Senior Application Security Engineer position is 100% remote for someone located in the USA. We can only consider US citizens at this time.

It’s an exciting time to join our team.

GitLab's DevOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 1,400+ team members and values that guide a culture where people embrace the belief that everyone can contribute.

Application Security Engineers work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure.

We are looking for an Application Security Engineer to review JiHu contributions, work with and triage security reports from US government organizations, and support our Public Sector team from an application security point of view.

The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.

Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.

What you'll do in this role:
  • Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
  • Own and perform application security vulnerability management.
  • Support the bug bounty program.
  • Facilitate and support the preparation of security releases.
  • Support and consult with product and development teams in the area of application security.
  • Assist in the creation of security training.
  • Assist in the development of automated security testing to validate that secure coding best practices are being used.
  • Lead and perform application security reviews on all contributed code from GitLab Information Technology (Hubei) Co., Ltd. (JiHu, pronounced "G Who").
  • Work with and triage security reports from US government organizations and associated contractors.
  • From an Application Security perspective, support our Federal Sales and Public Sector teams.
  • Auxillary responsibilities include those general to the Application Security Engineer role.
As a Senior Application Security Engineer you will also:
  • Support and evolve the bug bounty program.
  • Lead both critical and regular security releases.
  • Lead application security reviews and threat modeling, including code review and dynamic testing.
  • Lead in development of automated security testing to validate that secure coding best practices are being used.
  • Guide and advise product development teams as SMEs in the area of application security.
  • Assist with recruiting activities and administrative work.
  • Develop security training and socialize the material with internal development teams.
  • Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
You should apply if you bring:
  • Ability to use GitLab.
  • Familiarity with common security libraries, security controls, and common security flaws.
  • Basic development or scripting experience and skills. Ruby and Ruby on Rails is preferred.
  • Experience with OWASP, static/dynamic analysis, and common security tools.
  • A basic understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, protocols).
  • Familiarity with cloud security controls and best practices.
  • Experience working with developers.
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • A United States citizenship.
  • Residence in one of the 50 states of the United States of America.
  • Ability to conduct all GitLab related work within the United States of America.
  • Experience working for or closely with the United States government or associated contractors.
  • Ability and willingness to obtain a federal security clearance should it be necessary to perform job responsibilities.
  • Experience working with Defense Information Security Agency (DISA) Security Technical Implementation Guides (STIGs).
  • Successful completion of a background check.
If applying as a Senior, you should apply if you also bring:
  • Strong understanding and experience with common security libraries, security controls, and common security flaws.
  • Some development or scripting experience and skills. Ruby and Ruby on Rails is preferred.
  • Be a subject matter expert (SME) of at least 1 technical area impacting the security of the product.
  • Strong experience working closely with developers.

Also, we know it’s tough, but please try to avoid the ​​confidence gap​.​​ You don’t have to match all the listed requirements exactly to be considered for this role.

Our hiring process for this Application Security Engineer position typically follows four stages. The details of this process and our leveling structure can be found on our job family page.

Remote-US

Country Hiring Guidelines

GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.  

Your Privacy

For information about our privacy practices in the recruitment process, please visit our Recruitment Privacy Policy page.

 
Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Save jobView GitLab's full profileFind similar jobs