Senior Security Engineer - Enterprise AI Security

Remote, APAC; Remote, Canada; Remote, US

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform , used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world.

We're looking for a Senior Security Engineer to lead security for GitLab's internal AI initiatives. You'll establish security frameworks for AI/ML systems used by our global workforce, ensuring responsible AI adoption while protecting against AI-specific threats.

What you'll do:

• Design AI Security Architecture: Build comprehensive security frameworks for internal AI systems, including LLMs, productivity tools, and AI-powered business applications used by GitLab team members.
• Secure Model Context Protocol (MCP) Implementations: Monitor and secure MCP server deployments, establish authentication standards, and implement monitoring for MCP interactions across internal tools and development environments
• Manage Non-Human Identities: Architect identity management systems for AI agents, service accounts, and automated systems. Implement zero-trust principles and least-privilege access controls for machine-to-machine communications
• Govern Internal AI Tool Usage: Secure employee use of AI assistants (ChatGPT, Claude, through DLP controls, monitoring, and policy enforcement while protecting intellectual property and confidential data.
• Product & Product Security Collaboration: Work with our Product and Product Security teams as necessary on GitLab Duo and other internal use cases.
• Implement Data Protection Controls: Prevent sensitive corporate data leakage through AI systems, establish data classification frameworks, and design privacy-preserving techniques for internal AI analytics
• Drive Cross-Functional Collaboration: Partner with IT, Legal, Product, Product Security and business teams to enable secure AI adoption, provide security training, and evaluate new AI tools through procurement processes

• 5+ years information security experience with 2+ years in enterprise AI/ML security
• Deep expertise in enterprise AI adoption, shadow IT risks, and data loss prevention
• Strong experience with identity and access management, particularly non-human identity governance
• Proven experience managing service accounts, API keys, certificates, secrets management, and automated system authentication
• Proficiency in cloud security (AWS, GCP, Azure) and scripting (Python, Go, Ruby, Node.js)
• Understanding of API security, OAuth, SAML, and modern authentication protocols
• Excellent communication skills for GitLab's transparent, asynchronous, and global culture

• Experience with Model Context Protocol (MCP) and similar AI integration protocols
• Hands-on experience managing enterprise AI deployments and governance programs
• Experience with Enterprise AI platforms (OpenAI, Anthropic, Google Vertex AI, AWS Bedrock, etc)
• Published research or contributions to enterprise AI security communities

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law.

California/Colorado/Hawaii/New Jersey/New York/Washington/DC/Illinois/Minnesota pay range: $124,300 - $239,800 USD