
A technology company in Gauteng, South Africa is seeking a Senior Security Engineer for application security. The role involves conducting thorough security assessments, refining development practices, and ensuring software quality. Ideal candidates will have over 5 years in tech, a relevant degree, and proficiency in Ruby or Go. This position offers benefits for health, finances, and well-being along with flexible time off.
Senior Security Engineer, Application Security
GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps platform, used by more than , organizations.
Our mission is to enable everyone to contribute to and co-create the software that powers our world.
By uniting teams and eliminating barriers, we redefine what is possible in software development and deliver AI benefits at every stage of the SDLC.
The Application Security team works with GitLab engineers and product teams to anticipate and prevent the introduction of vulnerabilities during design and development, ensuring delivery of high quality software that customers can trust.
Conduct security-focused application design and architecture reviews, threat modeling, code review, and security testing assessments, pushing the boundaries by exploring the full impact and demonstrating real exploitation in controlled environments.
Propose and establish secure development practices, develop and refine security standards that support Product and Engineering teams to deliver secure features at high velocity.
Help secure GitLab by directly contributing to the product, providing customer feedback on platform features, capabilities, scope, and technology coverage.
Secure our software supply chain and improve its security workflows and controls.
Identify and drive team maturity opportunities to enable scaling of internal processes, metrics, workflows, and automations as we grow.
Bachelor’s degree or equivalent in Computer Science or equivalent practical education.
5+ years professional experience in computer technology, including IT, technical support, or engineering.
Strong understanding of computer code and ability to detect and remediate common security defects, race conditions, and logic vulnerabilities.
Programming experience in one or more coding languages, preferably Ruby on Rails or Go.
Comfortable with shell scripting to automate recurring work or build PoC exploits.
Strong knowledge of application security concepts such as OWASP Top 10, STRIDE, CVSS, and threat modeling assessments.
Experience with application security practices: code review, threat modeling, static and dynamic analysis (SAST, DAST), and attack surface analysis.
Experience performing application penetration testing or vulnerability research / bug bounty hunting.
Ability to provide subject matter expertise on software architecture design and system security.
Familiar with common security libraries and controls for Ruby on Rails applications.
Demonstrated ability to learn new technical concepts in cloud and web application security assessment.
Strong communication skills, able to collaborate with technical and non-technical audiences across teams.
Fluent in English, both written and verbal, suitable for a remote, asynchronous environment.
Comfortable using Git.
Experience with standard web application security tools such as Brakeman and BurpSuite.
Benefits to support health, finances, and well-being.
Flexible paid time off.
Team Member Resource Groups.
Equity compensation and employee stock purchase plan.
Growth and development fund.
Parental leave.
GitLab is proud to be an equal‑opportunity workplace and is an affirmative action employer.
Our policies and practices related to recruitment, employment, and advancement are based solely on merit, regardless of race, color, religion, ancestry, sex, national origin, age, citizenship, marital status, disability, genetic information, military service or any other protected characteristic.
GitLab will not tolerate discrimination or harassment.
If you have a disability or special need requiring accommodation, please let us know during the recruiting process.