Security Operations
Vision
Protect company property by identifying, preventing, detecting and responding to risks and security events targeting the business and GitLab.com and its users. We are at the forefront of GitLab’s security.
Mission
The Security Operations department focuses on the operational aspect of security. Our department consists of experienced breakers, builders, and defenders from all walks of life and geographic locations. We are responsible for improving GitLab’s security capabilities and metrics in the areas of security anomaly/event detection, incident response, and abuse of GitLab.com.
Our department consists of:
- Security Incident Response Team (SIRT) - Security detection engineering and incident response
- Trust & Safety - Prevention and mitigation of abuse of the GitLab.com platform
- Red Team - Adversary emulation
- Threat Intelligence - Actionable insights on real-world threats
- Signals Engineering - Detection Engineering
Contacting Security Operations
- Slack channel to interact with the Security Operations Department: #security-operations
- The Security Operations department follows the Security Team On-Call Rotation, with more details available in Security Operations On-Call
- How to Engage the Security Engineer On-Call
Common Links
Red Team
GitLab’s internal Red Team conducts security exercises that emulate real-world threats. We do this to help assess and improve the effectiveness of the people, processes, and technologies used to keep our organization secure.
The Red Team does not perform penetration tests, and the work we do is not focused on delivering a list of vulnerabilities in a specific application or service.
Malicious actors are not constrained by the narrow focus of traditional security testing. We must take on this adversarial mindset in order to challenge our own assumptions and identify areas for improvement across our entire organization. We do this by emulating the real-world tactics, techniques, and procedures (TTPs) of threats that are most relevant to our environment.
Security Incident Response Team - SIRT
Security Logging Overview
Signals Engineering Team (SET)
Engaging Signals Engineering
Teams can engage Signals Engineering by heading over to the #signals-engineering Slack channel. SIRT can also engage Signals Engineering for detection and alert tuning needs by selecting the “report a bug” feature in GUARD.
Our Vision
Improve the effectiveness and overall coverage of GitLab’s detection engineering program internally and for customers, identifying opportunities to reduce the mean time to detection creation for incidents, and partnering with the product team to drive security observability improvements in the GitLab product, corporate, cloud and identity infrastructure.
Threat Intelligence Team
Engaging Threat Intelligence
Please follow our RFI process to contact the team.
For a less formal discussion, you can find us in Slack in the #sd_security_threat_intel channel.
Our Vision
Empower GitLab to make informed, intelligence-driven decisions that keep our company and customers secure, while setting a new standard for transparency and collaboration across the industry.
Our Mission Statement
Our mission is to provide actionable intelligence that empowers GitLab to make informed, proactive decisions about security.
Trust & Safety Team