Security Analyst
Job Grade
The roles described below are grades: 6, 7, 8
Responsibilities
As a member of the Security Team at GitLab, you will be working towards raising the bar on security for GitLab, Inc. the company, GitLab the product, and GitLab.com. We achieve that by collaborating with cross-functional teams to provide guidance on security best practices across the organization, implementing security requirements and improvements, and reacting to security events and incidents.
Requirements
- Ability to use GitLab
- You share our values, and work in accordance with those values
- You have a passion for security and open source
Levels
Analyst
Security Analyst Responsibilities
- As defined by specialty.
Security Analyst Requirements
- You are a team player, and enjoy collaborating with cross-functional teams
- You are a great communicator
- You employ a flexible and constructive approach when solving problems
Senior Analyst
Senior Security Analyst Responsibilities
- As defined by specialty.
Senior Security Analyst Requirements
- All requirements for a Security Analyst; plus:
- You have strong critical thinking and problem solving skills
- You have the ability to build simple solutions to complex problems
- You assist with recruiting activities and employee onboarding training
- You prioritize collaboration across teams outside of Security
- You have the ability to iterate and improve on existing processes and programs
- You have the ability to build consensus without formal authority
- You have the ability to operate effectively in ambiguity
- You have strong knowledge in most GitLab tools, services, and infrastructure
Staff Analyst
Staff Security Analyst Responsibilities
- As defined by specialty.
Staff Security Analyst Requirements
- All requirements for a Senior Security Analyst; plus:
- You are an industry recognized leader in your field
- You have a proven ability to create new security programs and deliver successful results
- You execute program-level leadership across teams inside and outside of Security
- You have a detailed and comprehensive knowledge of all GitLab tools, services, and infrastructure
Specialties
Anti-Abuse
The Senior Anti-Abuse Analyst is responsible for leading and implementing the various initiatives that relate to improving GitLab’s security.
Senior Anti-Abuse Security Analyst Responsibilities
- Handle tickets/requests escalated to abuse
- Handle DMCA, phishing, malware, botnet, intrusion attempts, DoS, port scanning, spam, spam website, PII and web-crawling abuse reports to point of mitigation of abuse
- Verify proper classification of incoming abuse reports
- Execute messaging to customers on best practices
- Monitoring email, forums, and other communication channels for abuse, and responding accordingly
- Assist with recruiting activities and administrative work
- Making sure internal knowledge reference pages are updated
- Handle communications with independent vulnerability researchers and triage reported abuse cases.
- Educate other developers on anti-abuse cases, workflows and processes.
- Ability to professionally handle communications with outside researchers, users, and customers.
- Ability to communicate clearly on anti-abuse issues.
Security Compliance
Security Operations
Security Operations is responsible for the proactive security measures to protect GitLab the company, GitLab the product, and GitLab.com, as well as detecting and responding to security incidents. The Security Analysts in Security Operations play a vital role in identifying and responding to incidents, and using the resulting knowledge and experience to help build automated methods of remediating these issues in the future.
Security Operations Analyst Responsibilities
- Respond and assist with security requests and incidents submitted by GitLab team-members
- Review logging, alerting, and audit sources to identify potential security incidents
- Act on security incidents identified through monitoring and alerting sources
- Contribute to the creation and upkeep of runbooks to handle security incidents
- Work closely with the Security Operations Engineers to improve incident alertings and automated remediation
Senior Security Operations Analyst Responsibilities
- In addition to the responsibilities of a Security Analyst in Security Operations:
- Leverages security expertise in at least one specialty area
- Triage and act on escalated security incidents independently
- Conduct incident RCA’s and propose security improvements to prevent or minimize future incidents
- Screen security candidates during the hiring process
- Mentor Security Analyst to improve technical and procedural skills
Performance Indicators
Security Analysts have job-family performance indicators defined by each sub department leader.
Hiring Process
Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.
- Qualified candidates receive a short questionnaire from our Recruiting team
- Selected candidates will be invited to schedule a 30 minute screening call with our Recruiting team
- Next, candidates will be invited to schedule an interview with the Hiring Manager
- Candidates will then be invited to schedule an interview with the Hiring Manager defined panel
- Candidates will then be invited to schedule an additional interview with the sub-department Director
- Finally, candidates may be asked to interview with the VP of Security, Chief Technology Officer or CEO (at leadership discretion)
- Successful candidates will subsequently be made an offer via email
As always, the interviews and screening call will be conducted via a video call. See more details about our hiring process on the hiring handbook.
Career Ladder
For more details on the engineering career ladders, please review the engineering career development handbook page.
About GitLab
GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab. Thanks to products like Duo Enterprise, and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organisation.See our culture page for more!
Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.
64832a18
)