Staff Security Engineer, Product Security Risk & Metrics

Join to apply for the Staff Security Engineer, Product Security Risk & Metrics role at GitLab.

GitLab is an open core software company developing the most comprehensive AI-powered DevSecOps Platform, used by over 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world, fostering a culture of contribution and innovation.

This role focuses on developing Key Risk Indicators (KRIs), designing data collection systems, and creating visualizations to demonstrate our product security posture, measure team effectiveness, and drive data-informed decisions. You will operationalize our Product Security Risk Register and facilitate cross-functional alignment to ensure risk reduction initiatives are effectively managed.

• Create and maintain KRIs to monitor product security risks
• Engineer tracking systems and visualizations for risk and remediation progress
• Apply data analysis to identify trends and inform risk management
• Design metrics collection systems for strategic and operational effectiveness
• Maintain the Product Security Risk Register and related workflows
• Manage operational cadences like risk reviews and action tracking
• Coordinate across teams to align risk reduction efforts
• Ensure risk tracking aligns with broader risk management programs
• Serve as the central coordinator for risk register operations and stakeholder reporting

• 5+ years in product security, DevSecOps, risk management, or data analytics
• Understanding of secure development and product security risks
• Experience developing security metrics, KRIs, and dashboards
• Ability to translate security data into visual insights
• Proficiency with visualization tools (e.g., Tableau, Power BI)
• Experience with workflows in ticketing systems like GitLab, Jira, Asana
• Strong analytical skills and experience with automation and scripting
• Stakeholder management and communication skills

• Experience with security initiatives in product and engineering teams
• Familiarity with GitLab and DevSecOps
• Experience with risk registers, vulnerability management, threat modeling, security reviews, pentesting
• Security certifications (CISSP, CISM, CRISC, etc.) and project management certifications (PMP)
• Knowledge of risk assessment frameworks (NIST RMF, FAIR, ISO 31000) and compliance standards (FedRAMP, SOC 2, ISO 27001, PCI-DSS)
• Experience in a rapidly scaling tech environment

We are committed to diversity and equal opportunity. All roles are remote, with location-based eligibility where applicable. Review our Privacy Policy.