GitLab Senior Security Engineer, Red Team

Posted on April 10th, 2019

This position is remote based.
 
The Security Team at GitLab works on securing our product and on internal security. On the product side, this includes the open source version of GitLab, the enterprise editions, and the GitLab.com service. Security Engineers work with peers on cross-functional teams dedicated to areas of the product. They also work together with product managers, developers, and infrastructure teams to achieve common goals.
 
Red Team specialists emulate adversary activity to better GitLab's enterprise and product security. The role requires the ability to think like an advanced persistent threat. Creativity is key. For example, develop attack plans and stealthily execute them to compromise sensitive information on GitLab.com such as private repos, or develop and distribute malware to GitLabbers to demonstrate how the corporate enterprise could be compromised.

Responsibilities

    • Utilize threat modeling concepts and frameworks such as MITRE ATT&CK, STRIDE, etc. to continually identify ways to protect and defend GitLab assets by executing attacks that emulate a range of adversaries
    • Focus on designing, researching, and executing attacks to challenge the blue team
    • Strive to identify weaknesses within GitLab products and corporate network and demonstrate the associated risks 
    • Contribute to the GitLab Secure and Defend products
    • Incorporate current security trends, advisories, publications, and academic research
    • Understand CND technologies to bypass these security controls and stay undetected
    • Report on the Red Team engagements providing an in-depth analysis of the security issues identified
    • Identify complex security vulnerabilities and exploit them before an external attacker can exploit them
    • Determine the level of effort required to compromise sensitive data
    • Publish blog posts and present talks at security conferences
    • Contribute to GitLab products by testing and proposing new features

Requirements

    • At least 2-3 years of direct experience as an Individual Contributor in specialty
    • If offered the position, you can start within 1 month's timeframe
    • You have a passion for security and open source
    • You are a team player, and enjoy collaborating with cross-functional teams
    • You are a great communicator
    • You employ a flexible and constructive approach when solving problems
    • You share our values, and work in accordance with those values

Compensation

Remote-AUS