Director, Security Operations at GitLab

Director, Security Operations

GitLab

1 year ago

Landed the job? Please let us know. As a non-profit we need your help to know that we're making a difference.

Category: Other

Job Flexibility Flexible hours

Security

Responsibilities

Secure our product, services (GitLab.com, package servers, other infrastructure), and company (laptops, email)
Define and plan priorities for security related activities based on that risk analysis
Determine appropriate combination of internal security efforts and external security efforts including bug bounty programs, external security audits (penetration testing, black box, white box testing)
Analyze and advise on new security technologies
Build and manage a team, which currently consists of Security Managers, Security Engineers, and Security Analysts
Identify and fill positions
Grow skills in team leads and team members, for example by creating training and testing materials
Deliver input on promotions, function changes, demotions, and terminations
Ensure our engineers and contributors from the wider community run a secure software development lifecycle for GitLab by training them in best practices and creating automated tools
Involve in major security and service abuse events
Ensure we're compliant with our legal and contractual security obligations
Evangelise GitLab Security and Values to staff, customers and prospects

Requirements

Significant application and SaaS security experience in production-level settings
This position does not require extensive development experience but the candidate should be very familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications
Experience managing teams of engineers, and leading managers
Experience with incident management

Hiring Process

Candidates for the director positions can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
Next, candidates will be invited to schedule an interview with VP of Security
Candidates will then be invited to schedule separate 30 minute interviews with three members of the Security Organization
Candidates will then be invited to schedule an interview with CTO of Engineering
Successful candidates will subsequently be made an offer via email