GitLab
GitLab is the most comprehensive AI-powered DevSecOps platform.
Remote

Application Security Engineer or Senior Application Security Engineer (US Federal)

Sorry, this job was removed at 6:09 p.m. (CST) on Wednesday, November 17, 2021

GitLab's DevOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 1,400+ team members and values that guide a culture where people embrace the belief that everyone can contribute.

This Application Security Engineer or Senior Application Security Engineer position is 100% remote for someone located in the USA. We can only consider US citizens at this time.

It’s an exciting time to join our team.

Application Security Engineers work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure.

We are looking for an Application Security Engineer to review JiHu contributions, work with and triage security reports from US government organizations, and support our Public Sector team from an application security point of view.

The culture here at GitLab is something we’re incredibly proud of. Some of the benefits you’ll be entitled to vary by the region or country you’re in. However, all GitLab team members are fully remote and receive a "no ask, must tell" paid-time-off policy, where we don’t count the number of days you take off annually -- instead, we focus on your results. You can work the hours you choose, enabled by our asynchronous approach to communication. You can also expect stock options and a competitive salary. Our compensation calculator will be shared with selected candidates before any interview.

Diversity, Inclusion, and Belonging (DIB) are fundamental to the success of GitLab. We want to infuse DIB in every way possible and in all that we do. We strive to create a transparent environment where all team members around the world feel that their voices are heard and welcomed. We also aim to be a place where people can show up as their full selves each day and contribute their best. With more than 100,000 organizations using GitLab, our goal is to have a team that is representative of our users.

What you'll do in this role:

  • Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
  • Own and perform application security vulnerability management.
  • Support the bug bounty program.
  • Facilitate and support the preparation of security releases.
  • Support and consult with product and development teams in the area of application security.
  • Assist in the creation of security training.
  • Assist in the development of automated security testing to validate that secure coding best practices are being used.
  • Lead and perform application security reviews on all contributed code from GitLab Information Technology (Hubei) Co., Ltd. (JiHu, pronounced "G Who").
  • Work with and triage security reports from US government organizations and associated contractors.
  • From an Application Security perspective, support our Federal Sales and Public Sector teams.
  • Auxiliary responsibilities include those general to the Application Security Engineer role.

As a Senior Application Security Engineer you will also:

  • Support and evolve the bug bounty program.
  • Lead both critical and regular security releases.
  • Lead application security reviews and threat modeling, including code review and dynamic testing.
  • Lead the development of automated security testing to validate that secure coding best practices are being used.
  • Guide and advise product development teams as SMEs in the area of application security.
  • Assist with recruiting activities and administrative work.
  • Develop security training and socialize the material with internal development teams.
  • Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.

You should apply if you bring:

  • Ability to use GitLab.
  • Familiarity with common security libraries, security controls, and common security flaws.
  • Basic development or scripting experience and skills. Ruby and Ruby on Rails are preferred.
  • Experience with OWASP, static/dynamic analysis, and common security tools.
  • A basic understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, and HTTPS).
  • Familiarity with cloud security controls and best practices.
  • Experience working with developers.
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • United States citizenship.
  • Residence in one of the 50 states of the United States of America.
  • Ability to conduct all GitLab related work within the United States of America.
  • Experience working for or closely with the United States government or associated contractors.
  • Ability and willingness to obtain a federal security clearance should it be necessary to perform job responsibilities.
  • Experience working with Defense Information Security Agency (DISA) Security Technical Implementation Guides (STIGs).
  • Successful completion of a background check.

If applying as a Senior, you should apply if you also bring:

  • Strong understanding and experience with common security libraries, security controls, and common security flaws.
  • Some development or scripting experience and skills. Ruby and Ruby on Rails are preferred.
  • Expertise as a subject matter expert (SME) in at least 1 technical area impacting the security of the product.
  • Strong experience working closely with developers.

Also, we know it’s tough, but please try to avoid the confidence gap. You don’t have to match all the listed requirements exactly to be considered for this role.

Our hiring process for this Application Security Engineer position typically follows four stages. The details of this process and our leveling structure can be found on our job family page.

Remote-US

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote; however, some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.

Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.

Candidate Location Eligibility:
Albuquerque, NM
Ann Arbor, MI
Atlanta, GA
Austin, TX
Baltimore, MD
Baton Rouge, LA
Birmingham, AL
Boise, ID
Boston, MA
Buffalo, NY
Charleston, SC
Charlotte, NC
Chicago, IL
Cincinnati, OH
Cleveland, OH
Colorado, CO
Columbus, OH
Dallas-Fort Worth, TX
Dayton, OH
Des Moines, IA
Detroit, MI
Fayetteville-Springdale-Rogers, AR
Greensboro, NC
Hampton Roads, VA
Hartford, CT
Houston, TX
Huntsville, AL
Indianapolis, IN
Jacksonville, FL
Kansas City, MO
Las Vegas, NV
Lexington, KY
Lincoln, NE
Little Rock, AR
Los Angeles, CA
Louisville, KY
Madison, WI
Memphis, TN
Miami, FL
Milwaukee, WI
Minneapolis–Saint Paul, MN
Nashville, TN
New Orleans, LA
New York City, NY
Ogden, UT
Oklahoma City, OK
Omaha, NE
Orlando, FL
Other US Location
Palm Bay-Melbourne-Titusville
Pensacola, FL
Peoria, IL
Philadelphia, PA
Phoenix – Mesa – Scottsdale, AZ
Pittsburgh, PA
Portland, ME
Portland, OR
Providence, RI
Provo, UT
Raleigh-Durham, NC
Reno, NV
Richmond, VA
Rochester, NY
Sacramento, CA
Salt Lake City, UT
San Antonio, TX
San Diego, CA
San Francisco, CA
San Luis Obispo, CA
Santa Cruz, CA
Seattle, WA
Spokane, WA
St. Louis, MO
Tallahassee, FL
Tampa Bay, FL
Tucson, AZ
Tulsa, OK
Washington DC
Wichita, KS
Wilmington, NC

What are GitLab Perks + Benefits

GitLab Benefits Overview

We offer benefits to manage your health, wealth, and well-being regardless of location with the flexibility in schedule to be there for life’s important moments.

Culture

  • Volunteer in local community
  • OKR operational model
  • Team based strategic planning
  • Flexible work schedule
  • Remote work program

Diversity

  • Documented equal pay policy
  • Dedicated diversity and inclusion staff
  • Highly diverse management team
  • Mandated unconscious bias training
  • Diversity manifesto
  • Mean gender pay gap below 10%
  • Diversity employee resource groups
  • Hiring practices that promote diversity

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Disability insurance
  • Dental insurance
  • Vision insurance
  • Health insurance
  • Life insurance
  • Mental health benefits

Financial & Retirement

  • 401(K)
  • 401(K) matching
  • Company equity
  • Employee stock purchase plan
  • Performance bonus

Child Care & Parental Leave Benefits

  • Generous parental leave
  • Family medical leave
  • Return-to-work program post parental leave

Vacation & Time Off Benefits

  • Unlimited vacation policy
  • Generous PTO
  • Paid volunteer time
  • Paid holidays
  • Paid sick days

Office Perks

  • Company-sponsored outings
  • Some meals provided
  • Company-sponsored happy hours
  • Relocation assistance
  • Home-office stipend for remote employees

Professional Development Benefits

  • Job training & conferences
  • Tuition reimbursement
  • Promote from within
  • Mentorship program
  • Continuing education stipend
  • Continuing education available during work hours
  • Online course subscriptions available
