Director of Engineering, Security Risk Management
WFA Digital Insight
The demand for security experts who can architect and lead distributed systems has skyrocketed, with a 25% increase in job postings over the last year. As companies like GitLab continue to push the boundaries of DevSecOps, the need for leaders who can balance security, scalability, and innovation has never been more pressing. With over 50 million registered users, GitLab is at the forefront of this movement. Candidates should be prepared to showcase their expertise in distributed systems design, vulnerability management, and technical leadership, as well as their ability to drive cultural change within a high-performance engineering team.
Job Description
About the Role
The Director of Engineering, Security Risk Management, will play a critical role in driving the evolution of GitLab's Security Risk Management stage into a world-class platform for vulnerability analysis and remediation at enterprise scale. This involves transforming the engineering culture toward high-performance distributed systems while delivering an exceptional user experience for both Application Security professionals and Developers.
As a key member of the engineering leadership team, the successful candidate will own the technical strategy for processing, analyzing, and remediating vulnerabilities across massive codebases and complex enterprise environments. This role entails driving the technical vision, architecture, and implementation of distributed systems capable of handling real-time vulnerability data from thousands of repositories, millions of commits, and complex dependency graphs.
GitLab's high-performance culture is driven by its values and continuous knowledge exchange, enabling team members to reach their full potential while collaborating with industry leaders to solve complex problems.
What You Will Do
- Design distributed systems architecture capable of processing vulnerability data in real-time
- Drive storage system decisions for multi-petabyte security datasets, balancing query performance, cost efficiency, and data retention requirements
- Architect scalable analysis pipelines that can ingest vulnerability feeds, correlate findings across multiple security tools, and provide actionable intelligence
- Lead the technical evolution from monolithic security scanning to microservices-based, event-driven vulnerability management systems
- Champion high-performance systems thinking throughout the team, establishing patterns for horizontal scaling, efficient resource utilization, and fault-tolerant distributed computing
- Establish technical standards for system observability, chaos engineering, and performance optimization in security-critical systems
- Mentor and develop senior engineers in distributed systems design, database optimization, and large-scale system architecture
- Drive architectural decision records (ADRs) for major technical decisions
What We Are Looking For
- Proven experience in leading the development of distributed systems, preferably in the security domain
- Strong expertise in designing and implementing scalable, real-time data processing systems
- Experience with database optimization and large-scale system architecture
- Excellent technical leadership skills, with the ability to drive cultural change within a high-performance engineering team
- Strong understanding of security principles and practices, including vulnerability management and remediation
- Experience with cloud-based infrastructure and containerization (e.g., Kubernetes)
- Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams
Nice to Have
- Experience with AI and machine learning technologies, particularly in the context of security and vulnerability analysis
- Knowledge of DevSecOps practices and tools (e.g., CI/CD pipelines, security orchestration)
- Experience with open-source software development and community engagement
- Certification in security or a related field (e.g., CISSP, CISM)
Benefits and Perks
- Competitive compensation package
- Opportunities for professional growth and development in a high-performance engineering team
- Collaborative, remote work environment with a strong culture of innovation and continuous learning
- Access to cutting-edge technologies and tools
- Flexible working hours and generous PTO policy
- Comprehensive health benefits and wellness programs
How to Stand Out
- Ensure your resume and cover letter highlight specific experiences with distributed systems design, vulnerability management, and technical leadership.
- Prepare to discuss your approach to driving cultural change within a high-performance engineering team and how you would implement it.
- Showcase your understanding of security principles and practices, including vulnerability management and remediation, and be ready to provide examples.
- Demonstrate your knowledge of cloud-based infrastructure, containerization, and DevSecOps practices.
- Be prepared to discuss your experience with AI and machine learning technologies, particularly in the context of security and vulnerability analysis.
- Research GitLab's values and culture to understand how you can contribute to and thrive in its remote, high-performance environment.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.