Working in Security

Security Hiring

The company-wide mandate justifies mapping Security headcount to around 5% of total company headcount. Tying Security Department headcount growth to 5% of total company headcount ensures adequate staffing for the following (these are highlights, not the entire list of the Security Department's responsibilities):

  • Security releases. At GitLab, the Security Department is DRI for critical and non-critical security releases.
  • Detection/response for security incidents, which will increase as GitLab.com users increase.
  • Preparation for becoming a public company.
  • Running the GitLab public bug bounty program.
  • Dogfooding and contributing to our product.
  • Improving and maintaining the security of GitLab.com and related services.

Career Development and Opportunities at GitLab

Career opportunities at GitLab, personal growth, and development are important and encouraged. Security team members and managers are encouraged to use Individual Development Plans to help foster, guide, and assist with career growth.

Information on the growth and development benefits available to GitLab team members is on the General & Entity Specific Benefits page; the Growth and Development Benefit section of that page covers general budgeting strategy, reimbursement requirements, and budget exceptions for tuition. Eligibility information and directions on how to apply for growth and development benefits can be found on the Growth and Development Benefit page. Be sure to review the administration process for growth and development costs exceeding $1000 before proceeding with payment, as the reimbursement process and timing differ depending on category.

Individual Contribution vs. Management

  graph LR;
  subgraph Merit Based
    sec:s(Intern, Product Security)-->sec:se(Security Engineer);
    sec:se(Security Engineer)-->sec:sse(Senior Security Engineer);
  end
  subgraph Based on Merit and Company Need
    sec:sse(Senior Security Engineer)-->sec:stse(Staff Security Engineer);
    sec:stse(Staff Security Engineer)-->sec:pse(Principal Security Engineer);
    sec:pse(Principal Security Engineer)-->sec:dse(Distinguished Security Engineer);
    sec:sse(Senior Security Engineer)-->sec:sem(Manager, Security);
    sec:sem(Manager, Security)-->sec:sms(Senior Manager, Security);
    sec:sms(Senior Manager, Security)-->sec:ds(Director of Security);
  end
  click sec:s "/job-families/security/security-engineer#intern";
  click sec:se "/job-families/security/security-engineer#intermediate-security-engineer";
  click sec:sse "/job-families/security/security-engineer#senior-security-engineer";
  click sec:stse "/job-families/security/security-engineer#staff-security-engineer";
  click sec:pse "/job-families/security/security-engineer#principal-security-engineer";
  click sec:dse "/job-families/security/security-engineer#distinguished-security-engineer";
  click sec:sem "https://handbook.gitlab.com/job-families/security/security-leadership/#security-leadership-roles-at-gitlab";
  click sec:sms "https://handbook.gitlab.com/job-families/security/security-leadership/#senior-manager-security";
  click sec:ds "https://handbook.gitlab.com/job-families/security/security-leadership/#security-leadership-roles-at-gitlab";

Security Internship

For information on the security internship, see the Internship page.

Security Shadow Program

The Security Organization is piloting a fully immersive, on-the-job cross-training program among our various sub-organizations and teams. Participants will get a true behind-the-scenes look at how the Security Organization protects, defends, and assures our customers and team members day in and day out.

For more information, see the Security Shadow Program page.

Security Gearing Ratios

Gearing ratios related to the Security Department have been moved to a separate page.

Last modified March 27, 2024: Change shortcode to plain links (7db9c423)