Skip to main content

Security Engineer

GitLab, San Francisco
Employment type: 
Full time, Remote Work
Ubuntu, Linux, Software, Programming, Ruby, Ruby on Rails, Debugging

Similar jobs

No similar jobs found.

Materials Hack
Playground for innovative materials powered by Borealis.
8th-10th July – Vienna, Austria
Learn more
2.5
days Hackathon
3
weeks Incubation
2
winning teams
24K
cash prizes

Security Engineer

As a member of the security team at GitLab, you will be working towards raising the bar on security. We will achieve that by working and collaborating with cross-functional teams to provide guidance on security best practices.

The Security Team is responsible for leading and implementing the various initiatives that relate to improving GitLab's security.

Responsibilities for Security Engineer roles

  • Develop security training and guidance to internal development teams
  • Provide subject matter expertise on architecture, authentication and system security
  • Assess security tools and integrate tools as needed, particularly open-source tools
  • Assist with recruiting activities and administrative work
  • Technical Skills
    • Familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications.
    • Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
    • Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
    • Knowledge of browser-based security controls such as CSP, HSTS, XFO.
    • Experience with standard web application security tools such as Arachni, Brakeman, and BurpSuite.
    • There should also be time to participate in development of GitLab.
  • Code quality
    • Proactively identify and reduce security risks.
    • Find and remove outdated and vulnerable code and code libraries.
  • Communication
    • Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
    • Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
    • Educate other developers on secure coding best practices.
    • Ability to professionally handle communications with outside researchers, users, and customers.
    • Ability to communicate clearly on technical issues.
  • Performance & Scalability
    • An understanding of how to write code that is not only secure but scales to a large number of users and systems.

General Requirements for Security Engineer roles

  • You have a passion for security and open source
  • You are a team player, and enjoy collaborating with cross-functional teams
  • You are a great communicator
  • You employ a flexible and constructive approach when solving problems
  • You share our values, and work in accordance with those values
  • Ability to use GitLab

 

Top