Threat & Vulnerability Management Roles

At GitLab the Threat & Vulnerability Management team is responsible for identifying, tracking and communicating threats and vulnerabilities that may impact GitLab or our customers.

At GitLab the Threat & Vulnerability Management team is responsible for identifying, tracking and communicating threats and vulnerabilities that may impact GitLab or our customers. We accomplish our mission with an automation first approach working closely with our infrastructure, IT, Engineering and Product teams. Our scope encompasses all of GitLab’s cloud infrastucture, our endpoints, our code base and any third party libraries and other dependencies.

Team Roles and Responsibilities

  • Own and execute on a cloud asset management strategy.
  • Own and execute on a vulnerability management strategy across all GitLab cloud environments, our code base and other dependencies.
  • Own and execute on a patch management strategy collaborating with other teams as necessary.
  • Own and execute on threat intelligence efforts collaborating across Security and other teams as necessary.
  • Define a roadmap to continually assess and iterate security best practices for our cloud environments.
  • Support IT, infrastructure and infrastructure security efforts where possible
  • Ensure the protection of both GitLab and GitLab customer data
  • Track new and emerging threats to our environments

Requirements

  • Ability to use GitLab
  • Demonstrated experience in cloud security, threat and vulnerability management, asset management and related topics.
  • Demonstrated experience of running systems at scale.
  • Development experience with Ruby, Go, Python and others.
  • Demonstrated expereince building scalable automation.
  • Proficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical details.
  • Share our values, and work in accordance with those values

Levels

Security Engineer - Threat & Vulnerability Management

This position reports to the Manager, Threat & Vulnerability Management. This position is a job grade 6

Security Engineer - Threat & Vulnerability Management Responsibilities

  • Implement new and iterate on existing technology to help identify and mitigate security issues.
  • Build automation.
  • Validate and triage identified vulnerabilities.
  • Track remediation efforts to their completion.
  • Contribute to team strategy in managing threats and vulnerabilities.
  • Participate in rapid action efforts or other emergency response as needed.

Security Engineer - Threat & Vulnerability Management Requirements

  • A minimum of 2 years experience on a vulnerability management team.
  • Great written and verbal communication skills.
  • Experience with Google Cloud Platform and/or Amazon Web Services.
  • Demonstrated scripting or other automation capabilities.
  • Experience with infrastructure as code.
  • Experience with vulnerability disclosure and bug bounties.

Senior Security Engineer - Threat & Vulnerability Management

This position reports to the Manager, Threat & Vulnerability Management. This position is a job grade 7

Senior Security Engineer - Threat & Vulnerability Management Responsibilities

  • Extends Security Engineer - Threat & Vulnerability Management responsibilities plus;
  • Develop, evangelize, and iterate on threat & vulnerability management practices.
  • Mentor other team members.
  • Own and manage identified threats & vulnerabilities to ensure their complete remediation.
  • Develop and evangelize strategies to proactively manage threats to GitLab and our infrastructure.

Senior Security Engineer - Threat & Vulnerability Management Requirements

  • A minimum of 5 years experience in a vulnerability management role.
  • Excellent written and verbal communication skills.
  • Capability to build working relationships with key stakeholders.

Staff Security Engineer - Threat & Vulnerability Management Responsibilities

  • Extends Senior Security Engineer - Threat & Vulnerability Management responsibilities plus;
  • Lead sub-department wide initiatives.
  • Identify and fix program inefficiencies.
  • Assist with roadmap and overall program direction.

Staff Security Engineer - Threat & Vulnerability Management Requirements

  • A minimum of 5 years experience in a vulnerability management role.
  • Excellent written and verbal communication skills.
  • Capability to build working relationships with key stakeholders.
  • Ability to manage projects from idea to completion.

Manager, Threat & Vulnerability Management Team

This position reports to Director of Threat Management This position is a job grade 8

Manager, Threat & Vulnerability Management Responsibilities

  • Define and iterate a department strategy and direction that addresses the following:
  • Multi-cloud asset management
  • Multi-cloud vulnerability management
  • Multi-cloud patch management
  • Define team structure, technical needs and job descriptions.
  • Hiring
  • Career Development
  • Project Management
  • Team Retrospectives
  • Development department metrics
  • Collaborate across all GitLab departments as necessary to further team strategy and goal.
  • Identify, document and track team quarterly goals (OKRs).
  • Provide tactical oversight and direction to the team.
  • Hold regular 1:1 and team meetings.
  • Ensure project plans and other documentation is always complete.
  • Present on or perform read outs on initiative results to key stakeholders.
  • Provide input and support to other managers across the Security Department.
  • Demonstrate GitLab values and lead by example.

Manager, Threat & Vulnerability Management Qualifications

  • Understanding of Git, and GitLab.
  • Proven track record in executing on a comprehensive vulnerability management program.
  • Demonstrated experience with all major cloud providers.
  • Demonstrated experience with asset management, vulnerability management and patch management methodologies and tools.
  • Experience leading security teams.
  • Experience with a SaaS company.
  • Remote work experience.
  • Robust sense of ownership, urgency, and drive
  • Excellent written and verbal communication skills, especially experience with executive-level communications
  • Capability to make sound decisions in the face of ambiguity and imperfect knowledge
  • Share our values, and work in accordance with those values
  • Alignment with Manager responsibilities as outlined in Leadership at GitLab

Threat Intelligence Specialty

The Threat Intelligence Team is a specialty extension of the Threat & Vulnerability Management Team. Additional responsibilities for this team include;

  • Understand and effectively communicate emerging threats to GitLab and our customers.
  • Implement and iterate on threat intelligence capabilities.
  • Build relationships and collaborate across departments as necessary.

Hiring Process

Candidates for the Vulnerability Management Team Manager can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule a 45-60 minute interview with the Director of Threat Management.
  • Candidates will then be invited to schedule separate 45 minute interviews with three members of the Security Organization
  • Candidates will then be invited to an 30 minute interview with the VP of Security
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

 

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 Reasons to Work for GitLab:

  1. Mission: Everyone can contribute
  2. Results: Fast growth, ambitious vision
  3. Flexible Work Hours: Plan your day so you are there for other people & have time for personal interests
  4. Transparency: Over 2,000 webpages in GitLab handbook, GitLab Unfiltered YouTube channel
  5. Iteration: Empower people to be effective & have an impact, Merge Request rate, We dogfood our own product, Directly responsible individuals
  6. Diversity, Inclusion & Belonging: A focus on gender parity, Team Member Resource Groups, other initiatives
  7. Collaboration: Kindness, saying thanks, intentionally organize informal communication, no ego
  8. Total Rewards: Competitive market rates for compensation, Equity compensation, global benefits (inclusive of office equipment)
  9. Work/Life Harmony: Flexible workday, Family and Friends days
  10. Remote Done Right: One of the world's largest all-remote companies, prolific inventor of remote best practices

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.

Last modified October 31, 2023: Update links for all migrated sections (5f71f5a9)
View page source - Edit this page - please contribute. Creative Commons License