[Remote] Staff Infrastructure Security Engineer (APAC, EMEA, or US)
Note: This is a remote job and is open to candidates in the USA. GitLab is the intelligent orchestration platform for DevSecOps, enabling organizations to enhance developer productivity and accelerate digital transformation. As a Staff Security Engineer, you will lead initiatives in infrastructure security, ensuring security capabilities are pragmatically implemented across the platform to empower critical software factories globally.
Responsibilities
- Set architectural patterns, reference implementations, and foundational security automation that shape how infrastructure security is implemented across GitLab
- Lead infrastructure security initiatives from problem framing through delivery, scoping ambiguous multi-quarter work into executable streams with clear success criteria
- Conduct and lead comprehensive security reviews and threat modeling for complex infrastructure components, identifying systemic risks and driving remediation across affected systems
- Set the team's approach to AI-assisted security engineering, identifying where AI can meaningfully increase leverage and establishing patterns others can adopt
- Serve as an authoritative technical voice for Infrastructure Security across our stakeholders, translating architectural tradeoffs into clear decisions for engineering teams and senior leadership
- Partner on technical planning, prioritization, and roadmap development to align technical work with business objectives
- Mentor and develop engineers, raising the technical bar and modeling inclusive collaboration
- Fulfill the Product Security Division Mission of securing GitLab Infrastructure with our own product ("dogfooding")
Skills
- Expert knowledge of security for cloud infrastructure (AWS/GCP/Azure), container orchestration (Kubernetes) and related infrastructure and data security topics
- Proficiency in multiple programming languages (Go, Python, Ruby) with a track record of delivering production-quality security tooling
- Extensive experience with Infrastructure-as-Code security (Terraform, Ansible, CloudFormation), policy-as-code, and automated compliance
- Hands-on experience applying AI to security workflows, with a point of view on where it creates meaningful leverage
- Track record of leading multi-team technical initiatives from ambiguous problem statements to measurable outcomes, setting technical direction that peer teams adopt
- Strong written and verbal communication skills, able to explain security tradeoffs to technical and non-technical audiences, including senior leadership
- Familiarity with security certifications, frameworks, and standards (FedRAMP, ISO 27001, SOC 2, PCI-DSS)
- Share our values, and work in accordance with those values
Benefits
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental Leave