Used Tools & Technologies
Not specified
Required Skills & Competences
Each tag name is followed by an "@" symbol and a proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such a level.
Security @ 4
DevOps @ 4
CI/CD @ 3
Leadership @ 4
Communication @ 7
Prioritization @ 4
API @ 4
Reporting @ 4
OWASP @ 4
AI @ 4
Details
GitLab is seeking a Vice President of Product Security to define how security is built into GitLab's AI-powered DevSecOps platform and supporting products and services. Reporting to the Chief Information Security Officer, this is a product engineering leadership role with end-to-end responsibility for product and service security, prioritizing secure product design and delivery while also overseeing infrastructure and cloud security that supports the product.
Responsibilities
- Set the long-term strategy and operating model for Product Security across GitLab.com, GitLab Dedicated, and self-managed offerings.
- Lead a global, multi-disciplinary organization spanning Application Security, Product Security Engineering / security tooling, Security Architecture and Platforms, Vulnerability Management, Product Security Incident Response (PSIRT), and Infrastructure/Cloud/Data Security.
- Partner with CTO, CPO, CISO, VP of AI Engineering, and R&D leaders to embed security into product architecture, planning, and delivery.
- Own the roadmap for core security services and developer-facing platform capabilities, including authentication, authorization, secrets management, auditability, and security APIs.
- Drive secure design reviews, threat modeling, and risk-based security practices that enable fast product delivery without unnecessary friction.
- Guide GitLab's approach to AI and agentic security (prompt injection defenses, model and data protections, governance for AI features) and make risk acceptance decisions for new AI surfaces.
- Oversee vulnerability management, PSIRT, and bug bounty operations; use trends and root-cause analysis to inform product and process improvements.
- Establish security metrics, planning inputs, and risk visibility to support executive decision-making, customer conversations, and engineering prioritization.
Requirements
- Senior engineering or security leader experience with strong product engineering credibility and ownership of security-relevant product architecture.
- Experience building, shipping, and operating services in a high-growth SaaS or AI environment, with an understanding of fast-moving product teams and trade-offs of shipping at scale.
- Experience leading multi-disciplinary, distributed teams through Directors, Senior Managers, and senior individual contributors in a remote-first setting.
- Knowledge and hands-on familiarity with secure design, threat modeling, web application and API security, modern authentication and authorization patterns, secrets management, and permission models.
- Familiarity with software supply chain security, CI/CD pipelines, vulnerability management, incident response, and cloud security concepts.
- Experience partnering with Product, Engineering, AI, and Security leaders to convert risk, customer needs, and technical trade-offs into practical roadmaps and decisions.
- Strong written and verbal communication skills for presenting technical risk and business trade-offs to executives, customers, and stakeholders.
- Openness to candidates from different career paths (product engineering leaders with security ownership or security leaders who have built and shipped products).
- Must be a United States citizen due to government requirements for this position.
Nice-to-have: experience with developer tools, DevOps/DevSecOps platforms, large-scale open-source projects, security standards and frameworks (OWASP, NIST, SLSA), bug bounty/coordinated disclosure programs, or regulated/security-sensitive customer environments (financial services, government, healthcare).
About the team
The Product Security Department sits within GitLab's Security Division and reports to the CISO. Product Security teams are embedded with product and engineering counterparts, work in the open, contribute to the GitLab codebase, and focus on accelerating shipping while improving security.
Compensation
United States base salary range: $297,600 - $360,000 USD (base salary only; does not include bonuses, equity, or benefits).
Benefits
- Health, financial, and well-being benefits
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental Leave
Additional notes
- The role is remote but has a United States location/eligibility requirement (must be a U.S. citizen). GitLab hires globally for many roles, but some roles carry location-based eligibility requirements.
- GitLab expects team members to incorporate AI as a productivity multiplier in daily workflows.