[Hiring] Security Manager, Application Security @GitLab

Role Description

We are seeking a Security Manager, Application Security to drive the AppSec team at the tactical and operational level within the Security Platforms & Architecture (SPA) sub-department. The Application Security team is a key and critical stakeholder in securing GitLab’s product offerings.

In this role, you will manage and develop a team of Application Security Engineers (Intermediate through Staff) who perform security reviews, threat modeling, vulnerability triage, and secure design consultations across GitLab’s product surface. Your team is the front line of Product Security: the people reading the merge requests, talking to engineers, and evaluating features’ security posture before they are released to customers.

You will operate in an environment where feature delivery and platform capabilities are accelerating, architectures and technologies are evolving, and teams are continually balancing ambitious product goals with a strong security posture. In this context, you will help Product Security:

• Ensure that material product security risks and tradeoffs are surfaced, acknowledged, and decided at the right leadership levels.
• Own operational execution for the team and ensure it operates through operational excellence.
• Build capability across every team member through coaching, mentoring, and career development.
• Drive automation and AI-assisted enhancements of repeatable and time-consuming work.

Qualifications

• Demonstrable prior people management experience in application security or a closely related security engineering discipline, preferably in high-velocity R&D organizations.
• Deep familiarity with application security domains: secure code review, threat modeling, vulnerability management, secure SDLC, and common vulnerability classes (OWASP Top 10, CWE).
• Demonstrated success building trust with Product and Engineering peers, influencing security-related decisions, and co-owning outcomes.
• Comfort with AI-augmented workflows and enthusiasm for leveraging tools like GitLab Duo.
• Good at establishing clear guidance and distributing the workload appropriately.
• Accurately scopes the length and difficulty of projects, breaks them into clear process steps with owners and timelines.
• Breaks down complex problems with rigorous analysis, surfacing hidden risks and delivering conclusions that withstand scrutiny.
• Excellent written and verbal communication skills, with demonstrated experience in executive-level communications in an all-remote, asynchronous environment.
• Consistently delivers above expectations, drives measurable results, and raises the performance bar for the entire team.

Requirements

• Experience with security requirements and frameworks relevant to GitLab’s customers (e.g., FedRAMP, ISO 27001, SOC 2, PCI-DSS).
• Experience in DevSecOps or shift-left security models in SaaS or open-source environments.
• Deep familiarity with CI/CD pipeline security, software supply chain security, or identity and access management (AuthN/Z).

Benefits

• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support

Company Description

GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100 trust GitLab to ship better, more secure software faster.

GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems.