Associate Security Engineer, Application Security - Remote

Overview

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating human progress. Our platform unites teams and organizations, breaking down barriers and redefining what's possible in software development. Thanks to products like Duo Enterprise and Duo Agent Platform, customers get AI benefits at every stage of the SDLC. 

The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.

In Short

• Assist with security-focused code reviews and threat models under guidance from senior team members
• Manage triage of inbound new issues
• Support product and development teams in basic application security activities
• Help reproduce and document application security vulnerabilities clearly and constructively
• Participate in bug bounty program triage and initial assessment
• Support security release preparation activities
• Contribute to documentation and security process improvements

Requirements

• Ability to use GitLab effectively
• Basic development or scripting experience (Ruby, Ruby on Rails, TypeScript, JavaScript, and/or Go preferred), and an ability to read and understand code for security review purposes
• Foundational understanding of common security vulnerabilities and security impact frameworks (e.g., OWASP Top 10, STRIDE)
• Basic familiarity with security tools and concepts
• Strong written and verbal communication skills, and a collaborative mindset that enables you to work well with software development teams
• Ability to learn quickly and adapt to new technologies
• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent practical experience
• 0-2 years of experience in application security, software development, or related field
• Basic understanding of software development lifecycle processes

Benefits

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and development budget
• Parental leave
• Home office support