Director of Engineering, Security Risk Management
at GitLab
π Canada
π Switzerland
π Germany
π Spain
π France
π United Kingdom
π Netherlands
π United States
π Switzerland
π Germany
π Spain
π France
π United Kingdom
π Netherlands
π United States
USD 194,800-365,200 per year
Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 β basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 β daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 β you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 β exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 4
Kafka @ 7
Kubernetes @ 4
A/B Testing @ 4
Distributed Systems @ 4
Flink @ 7
Machine Learning @ 4
Leadership @ 4
Communication @ 4
PostgreSQL @ 4
Performance Optimization @ 4
Microservices @ 4
Product Management @ 4
API @ 4
Technical Leadership @ 4
System Architecture @ 4
Audit @ 4
Compliance @ 4
Observability @ 4
AI @ 4
- 1-2 β basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 β daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 β you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 β exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
GitLab is the intelligent orchestration platform for DevSecOps focused on enabling organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. The Security Risk Management (SRM) stage is responsible for vulnerability analysis and remediation at enterprise scale. This role will lead the technical strategy and engineering culture for processing, analyzing, and remediating vulnerabilities across massive codebases and complex enterprise environments.
Responsibilities
Technical Leadership & Architecture
- Design distributed systems architecture capable of processing vulnerability data from thousands of repositories, millions of commits, and complex dependency graphs in real-time
- Drive storage system decisions for multi-petabyte security datasets, balancing query performance, cost efficiency, and data retention requirements across time-series, graph, and document storage paradigms
- Architect scalable analysis pipelines that can ingest vulnerability feeds, correlate findings across multiple security tools, and provide actionable intelligence to both security teams and individual developers
- Lead the technical evolution from monolithic security scanning to microservices-based, event-driven vulnerability management systems
Engineering Culture Transformation
- Champion high-performance systems thinking, establishing patterns for horizontal scaling, efficient resource utilization, and fault-tolerant distributed computing
- Establish technical standards for system observability, chaos engineering, and performance optimization in security-critical systems
- Mentor and develop senior engineers in distributed systems design, database optimization, and large-scale system architecture
- Drive architectural decision records (ADRs) for major technical decisions
Product & User Experience
- Own the end-to-end user journey (in partnership with Product Management) for both AppSec professionals and developers receiving actionable security feedback
- Design APIs and interfaces that abstract complexity while providing power and flexibility to security professionals
- Collaborate with Product Management, UX and Product Design to translate technical capabilities into intuitive user experiences
- Establish feedback loops with large enterprise customers to ensure solutions scale with organizational complexity
Strategic Technical Execution
- Evaluate and integrate technologies such as graph databases, stream processing, machine learning inference at scale, and distributed caching in collaboration with Infrastructure, Data and AI teams
- Own the technical roadmap for vulnerability correlation, risk scoring, and automated remediation workflows
- Drive partnerships with other GitLab stages to ensure seamless integration across the DevSecOps platform
- Lead incident response for availability and performance issues in customer-facing security systems
Requirements
Technical Expertise
- 10+ years of software engineering experience with 5+ years leading distributed systems at scale (>100M daily operations)
- Deep expertise designing and operating high-throughput, low-latency distributed systems with complex data models
- Proven experience with polyglot persistence strategies, including relational databases (PostgreSQL, Cloud Spanner), time-series databases, graph databases, and distributed key-value stores
- Strong background in stream processing frameworks (Apache Kafka, Apache Flink, or similar) and event-driven architectures
- Hands-on experience with container orchestration (Kubernetes) and cloud-native observability stacks
- Security domain knowledge with understanding of vulnerability assessment, static analysis, dependency scanning, or application security testing
Leadership & Communication
- Proven track record of leading and growing high-performing engineering teams (40+ engineers)
- Experience transforming engineering culture and establishing technical excellence standards
- Strong technical communication skills with ability to present complex architectural decisions to executive stakeholders
- Collaborative leadership style and experience working across multiple engineering teams and product stakeholders
Problem-Solving & Innovation
- Systems thinking approach with ability to make trade-offs between performance, scalability, and maintainability
- Experience with A/B testing frameworks and data-driven decision making
- Track record of delivering large-scale technical migrations or architectural transformations
- Startup or high-growth company experience and ability to balance technical debt with rapid feature delivery
About the team / Technical challenge
Security Risk Management enables how Fortune 500 companies protect applications and how millions of developers integrate security into their workflows. Key technical challenges include:
- Scale: processing vulnerability data for organizations with 100,000+ repositories and millions of developers
- Performance: sub-second query response times for complex security analytics across massive datasets
- Reliability: 99.95%+ uptime SLAs for security-critical workflows
- Complexity: correlating findings across 20+ different security tools while maintaining data lineage and audit trails
- User Experience: making complex security data accessible to both security experts and developers
Compensation
United States Salary Range: $194,800 - $365,200 USD (base salary range for US residents)
Benefits
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental leave
- Home office support
Additional Notes
- Role is remote; GitLab hires new team members in countries around the world and some roles may carry location-based eligibility requirements. The Talent Acquisition team can answer location questions during recruiting.