People Matter

Senior Security Engineer, Vulnerability Management



Posted on Friday, September 15, 2023

The GitLab DevSecOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 2,000+ team members and values that foster a culture where people embrace the belief that everyone can contribute. Learn more about Life at GitLab.

As part of the Threat Management sub-department, the vulnerability management team is responsible for understanding and communicating the risk introduced by vulnerabilities across the company. The scope of the team includes vulnerabilities impacting our cloud footprint and the GitLab product offering. We will accomplish this mission by working closely with other security teams, such as Infrastructure Security and Application Security, and their infrastructure and product counterparts.

Find out more about the Vulnerability Management team HERE.


  • Help execute and iterate on a department strategy and direction that addresses the following:
    • Multi-cloud asset management
    • Multi-cloud vulnerability management
    • Multi-cloud patch management
    • Software vulnerability management
    • Development lifecycle vulnerability management
  • Provide actionable security guidance to teams across the organization
  • Participate in team Retrospectives
  • Development and collection of department metrics
  • Collaborate across all GitLab departments as necessary to further team strategy and goal.
  • Help identify, document and track team quarterly goals (OKRs).
  • Provide tactical oversight and direction to the team.
  • Ensure project plans and other documentation is always complete.
  • Present on or perform read outs on initiative results to key stakeholders.
  • Provide input and support to other team members across the Security Department.
  • Demonstrate GitLab values and lead by example.


  • Understanding of Git, and GitLab.
  • Proven track record of automating security processes.
  • Proven track record in executing on a comprehensive vulnerability management program.
  • Hands on experience with all major cloud providers.
  • Hands on experience with asset management, vulnerability management and patch management methodologies and tools.
  • Experience with a SaaS company.
  • Hands on scripting and automation experience
  • Hands on cloud based tool integration experience
  • Previous development or programming experience (Go, Python, Ruby, Javascript)
  • Remote work experience.
  • Robust sense of ownership, urgency, and drive
  • Excellent written and verbal communication skills, especially experience with executive-level communications
  • Capability to make sound decisions in the face of ambiguity and imperfect knowledge
  • Share our values, and work in accordance with those values
This position is remote based.

How GitLab will support you

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.

Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.