Apply on Employer Site

GitLab · 2 weeks ago

Principal Infrastructure Security Engineer

United States

Full-time

Remote

Lead/Staff

GitLab is an open-core software company that develops an AI-powered DevSecOps Platform used by over 100,000 organizations. The role involves working with teams across GitLab to ensure the security and resiliency of public cloud infrastructure, driving the implementation of security capabilities and mentoring engineers.

Cloud SecurityDeveloper ToolsDevOpsOpen SourceSaaS

Comp. & Benefits

Responsibilities

Independently define multi-year security strategy components for cloud infrastructure, including compute, networking, storage, and orchestration platforms, balancing security risk with operational and business requirements

Design and scope infrastructure security initiatives for the team to execute, breaking down complex problems into actionable work streams with clear success criteria

Architect and drive implementation of security automation, frameworks, and tooling that become foundational to infrastructure operations (e.g., secrets management, certificate automation, security agents)

Conduct and lead comprehensive security reviews and threat modeling for complex infrastructure components

Drive adoption of infrastructure security standards across engineering teams through technical influence, reference implementations, and hands-on enablement

Quantify and distill architectural tradeoffs into clear decisions for Engineers and Senior Leadership

Serve as the go-to expert for Infrastructure Security across the company, providing authoritative technical guidance

Mentor and develop engineers, elevating the technical leadership and modeling inclusive collaboration

Fulfill the Product Security Division Mission of securing GitLab Infrastructure with our own product (“dogfooding”)

Qualification

Cloud infrastructure securityContainer orchestrationTechnical leadershipDistributed systems designSecurity certifications knowledgeMentoring engineersTechnical influenceCollaboration

Required

Expert-level knowledge of security for cloud infrastructure (AWS/GCP/Azure), container orchestration (Kubernetes) and related infrastructure and data security topics

Demonstrated ability to translate complex security concepts into clear, actionable recommendations

Principal-level technical leadership: ability to set strategy, influence across organizations, and mentor senior engineers

Extensive experience designing, developing, and operating large distributed systems in a SaaS context

Track record of leading projects with ambiguous requirements that delivered measurable business impact

Demonstrated history of driving technical strategy that influenced organization-wide security posture

Understanding of security certifications, frameworks, and standards, like FedRAMP, ISO 27001, SOC 2, PCI-DSS, etc

Share our values, and work in accordance with those values