Security Analyst

Job Grade

The roles described below are grades: 6, 7, 8

Responsibilities

As a member of the Security Team at GitLab, you will be working towards raising the bar on security for GitLab, Inc. the company, GitLab the product, and GitLab.com. We achieve that by collaborating with cross-functional teams to provide guidance on security best practices across the organization, implementing security requirements and improvements, and reacting to security events and incidents.

Requirements

Ability to use GitLab
You share our values, and work in accordance with those values
You have a passion for security and open source

Levels

Analyst

Security Analyst Responsibilities

As defined by specialty.

Security Analyst Requirements

You are a team player, and enjoy collaborating with cross-functional teams
You are a great communicator
You employ a flexible and constructive approach when solving problems

Senior Analyst

Senior Security Analyst Responsibilities

As defined by specialty.

Senior Security Analyst Requirements

All requirements for a Security Analyst; plus:
You have strong critical thinking and problem solving skills
You have the ability to build simple solutions to complex problems
You assist with recruiting activities and employee onboarding training
You prioritize collaboration across teams outside of Security
You have the ability to iterate and improve on existing processes and programs
You have the ability to build consensus without formal authority
You have the ability to operate effectively in ambiguity
You have strong knowledge in most GitLab tools, services, and infrastructure

Staff Analyst

Staff Security Analyst Responsibilities

As defined by specialty.

Staff Security Analyst Requirements

All requirements for a Senior Security Analyst; plus:
You are an industry recognized leader in your field
You have a proven ability to create new security programs and deliver successful results
You execute program-level leadership across teams inside and outside of Security
You have a detailed and comprehensive knowledge of all GitLab tools, services, and infrastructure

Specialties

Anti-Abuse

The Senior Anti-Abuse Analyst is responsible for leading and implementing the various initiatives that relate to improving GitLab’s security.

Senior Anti-Abuse Security Analyst Responsibilities

Handle tickets/requests escalated to abuse
Handle DMCA, phishing, malware, botnet, intrusion attempts, DoS, port scanning, spam, spam website, PII and web-crawling abuse reports to point of mitigation of abuse
Verify proper classification of incoming abuse reports
Execute messaging to customers on best practices
Monitoring email, forums, and other communication channels for abuse, and responding accordingly
Assist with recruiting activities and administrative work
Making sure internal knowledge reference pages are updated
Handle communications with independent vulnerability researchers and triage reported abuse cases.
Educate other developers on anti-abuse cases, workflows and processes.
Ability to professionally handle communications with outside researchers, users, and customers.
Ability to communicate clearly on anti-abuse issues.

Security Compliance

See Security Compliance

Security External Communications

See Security External Communications

Security Operations

Security Operations is responsible for the proactive security measures to protect GitLab the company, GitLab the product, and GitLab.com, as well as detecting and responding to security incidents. The Security Analysts in Security Operations play a vital role in identifying and responding to incidents, and using the resulting knowledge and experience to help build automated methods of remediating these issues in the future.

Security Operations Analyst Responsibilities

Respond and assist with security requests and incidents submitted by GitLab team-members
Review logging, alerting, and audit sources to identify potential security incidents
Act on security incidents identified through monitoring and alerting sources
Contribute to the creation and upkeep of runbooks to handle security incidents
Work closely with the Security Operations Engineers to improve incident alertings and automated remediation

Senior Security Operations Analyst Responsibilities

In addition to the responsibilities of a Security Analyst in Security Operations:
Leverages security expertise in at least one specialty area
Triage and act on escalated security incidents independently
Conduct incident RCA’s and propose security improvements to prevent or minimize future incidents
Screen security candidates during the hiring process
Mentor Security Analyst to improve technical and procedural skills

Performance Indicators

Security Analysts have job-family performance indicators defined by each sub department leader.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

Qualified candidates receive a short questionnaire from our Recruiting team
Selected candidates will be invited to schedule a 30 minute screening call with our Recruiting team
Next, candidates will be invited to schedule an interview with the Hiring Manager
Candidates will then be invited to schedule an interview with the Hiring Manager defined panel
Candidates will then be invited to schedule an additional interview with the sub-department Director
Finally, candidates may be asked to interview with the VP of Security, Chief Technology Officer or CEO (at leadership discretion)
Successful candidates will subsequently be made an offer via email

As always, the interviews and screening call will be conducted via a video call. See more details about our hiring process on the hiring handbook.

External Communications

HackerOne Outreach and Engagement

Career Ladder

For more details on the engineering career ladders, please review the engineering career development handbook page.

About Gitlab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

Mission: Everyone can contribute
Results: Fast growth, ambitious vision
Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
Work/Life Harmony: Flexible workday, Family and Friends days
Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.

Last modified May 4, 2023: Refactor Job Families, clean up Values Migration (610c577a)