Skip to main content

Security Engineer

GitLab, San Francisco
Employment type: 
Full time
Ruby on Rails, SQL

Similar jobs

No similar jobs found.

Warning message

  • This job ad is no longer active. Search for new jobs.
Materials Hack
Playground for innovative materials powered by Borealis.
8th-10th July – Vienna, Austria
2.5
days Hackathon
3
weeks Incubation
2
winning teams
24K
cash prizes

Security Engineer

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 1,000 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, frugality, collaboration, directness, kindness, diversity, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 reasons to work for GitLab:

  1. Work with helpful, kind, motivated, and talented people.
  2. Work remote so you have no commute and are free to travel and move.
  3. Have flexible work hours so you are there for other people and free to plan the day how you like.
  4. Everyone works remote, but you don't feel remote. We don't have a head office, so you're not in a satellite office.
  5. Work on open source software so you can interact with a large community and can show your work.
  6. Work on a product you use every day: we drink our own wine.
  7. Work on a product used by lots of people that care about what you do.
  8. As a company we contribute more than we take, most of our work is released as the open source GitLab CE.
  9. Focused on results, not on long hours, so that you can have a life and don't burn out.
  10. Open internal processes: know what you're getting in to and be assured we're thoughtful and effective.

See our culture page for more!

A Security Specialist is a Developer who focuses on ensuring that GitLab and associated applications are as secure as possible. The Security Specialist works in close collaboration with the Security Lead and has the following set of skills, experience, and responsibilities:

  1. Technical Skills
    • Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
    • Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
    • Knowledge of browser-based security controls such as CSP, HSTS, XFO.
    • Experience with standard web application security tools such as Arachni, Brakeman, and BurpSuite.
  2. Code quality
    • Proactively identifying and reducing security risks.
    • Finding and removing outdated and vulnerable code and code libraries.
  3. Communication
    • Consult with other developers and product managers to analyze and propose application security standards, methods, and architectures.
    • Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
    • Educate other developers on secure coding best practices.
    • Ability to professionally handle communications with outside researchers, users, and customers.
    • Ability to communicate clearly on technical issues.
  4. Performance & Scalability
    • An understanding of how to write code that is not only secure but scales to a large number of users and systems.
Top