Security Engineer, Application Security

Application Security Engineers work closely with development teams, product managers (PM), and third-party groups (including the paid bug bounty program) to ensure that GitLab products are secure.

Application Security Engineer (Intermediate)

This position reports to the Security Manager, Application Security role at GitLab.

Application Security Engineer (Intermediate) Job Grade

The role is a grade 6.

Application Security Engineer (Intermediate) Responsibilities

• Perform security-focussed code reviews
• Support and consult with product and development teams in the area of application security, including threat modeling and appsec reviews
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Support the bug bounty program.
• Support the preparation of security releases.
• Assist in development of security processes and automated tooling that prevent classes of security issues.

Learn more about our role on the Application Security Handbook page including our work as Stable Counterparts and our HackerOne process

Application Security Engineer Requirements

• Ability to use GitLab.
• Able to work well with software development teams.
• Experience identifying security issues through code review.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
• Basic development or scripting experience and skills. Ruby, Ruby on Rails, JavaScript, and/or Go are preferred.
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process. To learn more about someone who may be conducting the interview, find their job title on our team page.

• Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
• Next, candidates will be invited to schedule 1 or 2 50-minute interviews with Application Security team member peers.
• Then, candidates will be invited to schedule a 50-minute interview with the Application Security team hiring manager.
• Finally, candidates will be invited to schedule a 30-minute interview with the Director, Security Engineering & Research.

Additional details about our process can be found on our hiring page.

Compensation

The base salary range for this role’s listed level is currently $103,600 - $188,700 for Colorado residents and $103,600 - $210,900 for New York and New Jersey residents only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.

To view the full job description and its compensation calculator, view our handbook. The compensation calculator can be found towards the bottom of the page.

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.