Senior PSIRT Security Engineer, EMEA jobs in United States

GitLab · 2 months ago

Senior PSIRT Security Engineer, EMEA

GitLab is an open-core software company that develops a comprehensive AI-powered DevSecOps Platform used by over 100,000 organizations. The Senior PSIRT Security Engineer will analyze and validate vulnerability reports, collaborate with engineering teams to remediate security issues, and drive continuous security improvements.

Cloud Security, Developer Tools, DevOps, Open Source, SaaS
Comp. & Benefits

Responsibilities

Reproduce, assess, and document vulnerabilities, perform variant hunting, and contribute to exploitability research on security issues reported in GitLab’s products and services
Support and consult with product and development teams on effective vulnerability remediation and mitigation
Independently validate vulnerability fixes prior to release
Support security release preparation activities
Automate vulnerability triage-related tasks and collaborate to mature team processes and documentation

Qualification

Vulnerability triage, Application Penetration Testing, Code security, Programming experience, Shell scripting, Security frameworks, Git proficiency, BurpSuite, English proficiency, Effective communication, Critical thinking, Problem solving

Required

5+ years of experience managing vulnerability triage, remediation, and disclosure in a software security context, such as through a PSIRT, bug bounty program, or security response team
Strong understanding and effective communication of code security, including how to detect and remediate various classes of security defects and logic vulnerabilities
Comfortable in shell scripting to automate recurring work or build PoC exploits
Understanding of common security vulnerabilities and security impact frameworks (e.g., OWASP Top 10, STRIDE) as well as common security frameworks and standards (CVE, CWE, CVSS, etc.)
Demonstrated ability to learn new technical concepts in cloud and web application security assessment
Flexible, effective, and inclusive communication skills that create clarity; you will collaborate with technical and non-technical audiences across multiple teams on security bug types and how to mitigate or remediate security issues
Demonstrated critical and creative thinking, while also being an effective member of a team
You're comfortable using Git, and have the ability to use GitLab effectively
Proficiency in the English language, both written and verbal, sufficient for success in a remote and largely asynchronous work environment

Preferred

Programming experience or scripting experience (Ruby, Ruby on Rails, TypeScript, JavaScript, and/or Go preferred)
Experience performing Application Penetration Testing or Vulnerability Research / Bug Bounty Hunting
Ability to discover and identify fixes for SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities is a plus
Experience with standard web application security tools such as BurpSuite

Benefits

Flexible Paid Time Off
Team Member Resource Groups
Equity Compensation & Employee Stock Purchase Plan
Growth and Development Fund
Parental leave
Home office support

Company

GitLab is a web-based Git repository manager that offers a variety of features for software development teams.

Funding

Current Stage: Public Company
Total Funding: $413.5M
Key Investors: ICONIQ Growth, Google Ventures, August Capital
2021-10-14: IPO
2019-09-17: Series E · $268M
2018-09-19: Series D · $100M

Leadership Team

Bill Staples
Chief Executive Officer
Sytse Sijbrandij
Co-founder and Executive Chair
Company data provided by crunchbase