Full Description
GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations.
Our mission is to enable everyone to contribute to and co-create the software that powers our world.
Our platform unites teams and organizations, breaking down barriers and redefining what's possible in software development.
Thanks to products like Duo Enterprise and Duo Agent Platform , customers get AI benefits at every stage of the SDLC.
The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact.
Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems.
Co-create the future with us as we build technology that transforms how the world develops software.
The GitLab Product Security Incident Response Team (PSIRT) analyzes and validates reports of vulnerabilities in GitLab products and services, collaborates with GitLab engineers and product teams to remediate and mitigate security vulnerabilities to protect customers, and drives continuous security improvement through sharing insights and lessons learned.
Reproduce, assess, and document vulnerabilities, perform variant hunting, and contribute to exploitability research on security issues reported in GitLab’s products and services.
Support security release preparation activities.
Contribute to clear and actionable documentation that explains vulnerability impact, risk, and remediation guidance for technical and non-technical audiences, helping to scale PSIRT knowledge and practices across GitLab.
Demonstrated experience managing vulnerability triage, remediation, and disclosure in a software security context, such as through a PSIRT, bug bounty program, or security response team.
Strong understanding, and effective communication of code security and how to detect and remediate various classes of security defects and logic vulnerabilities.
Programming experience or scripting experience (Ruby, Ruby on Rails, TypeScript, JavaScript, and/or Go preferred), and an ability to read and understand code for fix validation and root cause analysis purposes.
Experience performing Application Penetration Testing or Vulnerability Research / Bug Bounty Hunting. (Ability to discover and identify fixes for SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities is a plus).
Understanding of common security vulnerabilities and security impact frameworks (e.g., OWASP Top 10, STRIDE) as well as common security frameworks and standards (CVE, CWE, CVSS, etc).
Demonstrated ability to learn new technical concepts in cloud and web application security assessment.
Flexible, effective, and inclusive communication skills that create clarity; you will collaborate with technical and non-technical audiences across multiple teams on security bug types and how to mitigate or remediate security issues.
Demonstrated critical and creative thinking, while also being an effective member of a team.
Experience with standard web application security tools such as BurpSuite.
Flexible and constructive approach to problem solving that helps you navigate ambiguity and drive results.
Proficiency in the English language, both written and verbal, sufficient for success in a remote and largely asynchronous work environment
Home office support
All of our roles are remote, however some roles may carry specific location-based eligibility requirements.
Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.
Privacy Policy: Please review our Recruitment Privacy Policy.
GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law.
See also GitLab’s EEO Policy and EEO is the Law . If you have a disability or special need that requires accommodation , please let us know during the recruiting process .
Find AI, ML, Data Science Jobs By Location
Find Jobs By Position