[Remote] Staff Infrastructure Security Engineer (APAC, EMEA, or US)
Note: The job is a remote job and is open to candidates in the USA.

GitLab is the intelligent orchestration platform for DevSecOps, enabling organizations to enhance developer productivity and accelerate digital transformation. As a Staff Security Engineer, you will lead initiatives in infrastructure security, ensuring security capabilities are pragmatically implemented across the platform to empower critical software factories globally.

Responsibilities

- Set architectural patterns, reference implementations, and foundational security automation that shape how infrastructure security is implemented across GitLab
- Lead infrastructure security initiatives from problem framing through delivery, scoping ambiguous multi-quarter work into executable streams with clear success criteria
- Conduct and lead comprehensive security reviews and threat modeling for complex infrastructure components, identifying systemic risks and driving remediation across affected systems
- Set the team's approach to AI-assisted security engineering, identifying where AI can meaningfully increase leverage and establishing patterns others can adopt
- Serve as an authoritative technical voice for Infrastructure Security across our stakeholders, translating architectural tradeoffs into clear decisions for engineering teams and senior leadership
- Partner on technical planning, prioritization, and roadmap development to align technical work with business objectives
- Mentor and develop engineers, raising the technical bar and modeling inclusive collaboration
- Fulfill the Product Security Division Mission of securing GitLab Infrastructure with our own product ("dogfooding")

Skills

- Expert knowledge of security for cloud infrastructure (AWS/GCP/Azure), container orchestration (Kubernetes) and related infrastructure and data security topics
- Proficiency in multiple programming languages (Go, Python, Ruby) with a track record of delivering production-quality security tooling
- Extensive experience with Infrastructure-as-Code security (Terraform, Ansible, CloudFormation), policy-as-code, and automated compliance
- Hands-on experience applying AI to security workflows, with a point of view on where it creates meaningful leverage
- Track record of leading multi-team technical initiatives from ambiguous problem statements to measurable outcomes, setting technical direction that peer teams adopt
- Strong written and verbal communication skills, able to explain security tradeoffs to technical and non-technical audiences, including senior leadership
- Familiarity with security certifications, frameworks, and standards (FedRAMP, ISO 27001, SOC 2, PCI-DSS)
- Share our values, and work in accordance with those values

Benefits

- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental Leave

Company Overview

GitLab is a web-based Git repository manager that offers a variety of features for software development teams. It was founded in 2014, and is headquartered in San Francisco, California, USA, with a workforce of 1001-5000 employees. Its website is http://about.gitlab.com.