Get daily remote job opportunities in your inbox

No middlemen, no spam, no infinite scrolling.

Get relevant job opportunities, one email at a time.

Unsubscribe at any time.

Back to Remote jobs  >   All others
Staff Security Engineer, Product Security Risk & Metrics @GitLab

[Hiring] Staff Security Engineer, Product Security Risk & Metrics @GitLab

Mar 30, 2025 - GitLab is hiring a remote Staff Security Engineer, Product Security Risk & Metrics. 💸 Salary: unspecified. 📍Location: EMEA, Canada.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

We are seeking a Staff Security Engineer to join our Security Architecture team with a specialized focus on product security risk and metrics engineering. This position will develop specialized Key Risk Indicators (KRIs), design data collection systems, and create data visualizations that demonstrate our product security posture improvements, measure Product Security teams’ strategic and operational effectiveness, and drive data-informed security decisions. This engineer will also operationalize our Product Security Risk Register and drive cross-functional alignment across Security, Engineering, and Product stakeholders to ensure buy-in and commitment to risk reduction initiatives.

The ideal candidate combines product security expertise, data analysis expertise, and strong stakeholder management skills to build frameworks that enhance visibility, prioritization, and progress tracking of our product security initiatives.

  • Create and maintain Key Risk Indicators (KRIs) specifically designed to measure, monitor, and communicate product security risk levels
  • Engineer tracking systems and data visualizations that monitor remediation progress and provide visibility into risk reduction initiatives
  • Apply data analysis techniques to identify trends and patterns in product security risk data to inform proactive risk management
  • Design and implement robust metrics collection systems that accurately measure both strategic and operational effectiveness for all Product Security teams
  • Build and maintain the operational systems for the Product Security Risk Register, focusing on efficient workflows and data collection
  • Manage operational cadences including the monthly risk review process and action item tracking workflows
  • Facilitate cross-team collaboration to ensure risk reduction efforts are properly coordinated and tracked
  • Drive cross-functional alignment between Security, Engineering, Product, and other stakeholders to ensure buy-in and commitment to risk reduction initiatives
  • Work alongside the Security Risk Team to ensure product-specific risk tracking aligns with broader operational and enterprise risk management programs while maintaining distinct focus areas
  • Serve as the central coordinator for the Product Security Risk Register operations, related metrics collection, and stakeholder reporting within the Security Architecture team

Qualifications

  • 5+ years of experience in product security, DevSecOps, security risk management, data analytics, or related technical roles
  • Demonstrated understanding of secure development practices and product security risks
  • Proven experience developing and implementing security metrics, KRIs, and risk dashboards that drive organizational outcomes
  • Proven ability to translate complex security concepts into actionable data and visualizations
  • Proficiency with data visualization and analysis tools (e.g., Tableau, Power BI, or similar)
  • Proficiency in designing workflows and scalable labeling systems in development ticketing systems like GitLab, Jira, Asana, etc.
  • Strong analytical skills with ability to collect, organize, and derive insights from complex data sets
  • Experience with automation and scripting for data collection and reporting
  • Proven ability to manage cross-functional stakeholders, drive consensus, and navigate competing priorities
  • Excellent written and verbal communication skills with the ability to present complex data in accessible formats

Nice to have qualifications

  • Experience working directly with product and engineering teams on security initiatives
  • Familiarity with GitLab and its DevSecOps capabilities
  • Prior experience specifically with security risk registers or vulnerability management programs
  • Prior experience with threat modeling, security reviews, or pentesting
  • Security certifications such as CISSP, CISM, CRISC, CRM, etc.
  • Project management certifications like PMP
  • Experience with risk assessment methodologies and frameworks such as NIST RMF, FAIR, ISO 31000, etc.
  • Knowledge of compliance frameworks such as FedRAMP, SOC 2, ISO 27001, PCI-DSS, TISAX, etc.
  • Experience working in a rapidly scaling technology company

Country Hiring Guidelines

GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.

Privacy Policy

Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics.

Similar Remote Jobs

More jobs at GitLab

More All Others jobs

More jobs in EMEA

Kickstart Your Job Search

Need advice to apply? Join our free Webinar « 3 Mistakes to Avoid When Looking For A Remote Startup Job (And What To Do Instead) »
Register for free

Unlock 54,771 additional remote jobs, advanced search & email notifications

Get Access Now

Too many emails? Declutter your inbox with Meco

Your home for reading newsletters

Try for free - no card required.
Before You Apply
📍 Be aware of the location restriction for this remote position: EMEA, Canada
Beware of scams! When applying for jobs, you should NEVER have to pay anything. Learn more.
Back to Remote jobs  >   All others
Staff Security Engineer, Product Security Risk & Metrics @GitLab
All others
Salary 💸 unspecified
Remote Location
EMEA, Canada
Job Type unspecified
Posted Mar 30, 2025
Apply for this position Unlock 54,771 Remote Jobs
📍 Be aware of the location restriction for this remote position: EMEA, Canada
Beware of scams! When applying for jobs, you should NEVER have to pay anything. Learn more.
Staff Security Engineer, Product Security Risk & Metrics Apply for this position Unlock 54,771 Remote Jobs
×
  • Unlock 54,771 hidden remote jobs.
  • Your shortcut to remote work. Apply before everyone else.
  • Click and apply. No middlemen, no hassle.
Remotive - Email digest of tips on remote work and productivity | Product Hunt

We’re not like the other sites. Come see why!

50% off in April 2025
  • Single payment
  • Lifetime access
  • Filter by location/skills/salary…
  • Create custom email alerts
  • Private Slack Community

Get relevant job opportunities in your inbox

    Remotive
    Find Remote Jobs
    Hiring Remotely
    Quick Access