GitLab - Director of Engineering, Security Risk Management

• Own the end-to-end user journey (in partnership with PM) for both AppSec professionals managing enterprise-wide risk and developers receiving actionable security feedback in their workflow • Design APIs and interfaces that abstract complexity while providing the power and flexibility that security professionals demand • Collaborate with Product Management, UX and Product Design to translate complex technical capabilities into intuitive user experiences • Establish feedback loops with large enterprise customers to ensure our technical solutions scale with their organizational complexity • Strategic Technical Execution • Evaluate and integrate cutting-edge technologies in areas such as graph databases, stream processing, machine learning inference at scale, and distributed caching, in collaboration with GitLab’s Infrastructure, Data and AI teams • Own the technical roadmap for vulnerability correlation, risk scoring, and automated remediation workflows • Drive partnerships with other GitLab stages to ensure seamless integration across the DevSecOps platform • Lead incident response for availability and performance issues in customer-facing security systems • Technical Expertise • 10+ years of software engineering experience with 5+ years leading distributed systems at scale (>100M daily operations) • Deep expertise in designing and operating high-throughput, low-latency distributed systems with complex data models • Proven experience with polyglot persistence strategies, including relational databases (PostgreSQL, Cloud Spanner), time-series databases, graph databases, and distributed key-value stores • Strong background in stream processing frameworks (Apache Kafka, Apache Flink, or similar) and event-driven architectures • Hands-on experience with container orchestration (Kubernetes) and cloud-native observability stacks • Security domain knowledge with understanding of vulnerability assessment, static analysis, dependency scanning, or application security testing • Leadership & Communication • Proven track record of leading and growing high-performing engineering teams (40+ engineers) • Experience transforming engineering culture and establishing technical excellence standards in fast-growing organizations • Strong technical communication skills with ability to present complex architectural decisions to executive stakeholders • Collaborative leadership style with experience working across multiple engineering teams and product stakeholders • Problem-Solving & Innovation • Systems thinking approach to complex technical problems with demonstrated ability to make appropriate trade-offs between performance, scalability, and maintainability • Experience with A/B testing frameworks and data-driven decision making in technical contexts • Track record of successfully delivering large-scale technical migrations or architectural transformations • Startup or high-growth company experience with ability to balance technical debt with rapid feature delivery • Security Risk Management sits at the heart of modern DevSecOps. The systems you build will directly impact how Fortune 500 companies protect their applications and how millions of developers integrate security into their daily workflow. You'll have the opportunity to define the future of application security tooling while working with some of the most challenging distributed systems problems in the industry. • The Technical Challenge • You'll be solving some of the most interesting distributed systems problems in the security space: • Scale: Processing vulnerability data for organizations with 100,000+ repositories and millions of developers • Performance: Sub-second query response times for complex security analytics across massive datasets • Reliability: 99.95%+ uptime SLAs for security-critical workflows that can't afford downtime • Complexity: Correlating findings across 20+ different security tools while maintaining data lineage and audit trails • User Experience: Making complex security data accessible to both security experts and developers with varying security expertise • The base salary range for this role’s listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.