
Staff Infrastructure Security Engineer – APAC, EMEA
Posted May 25

This is a fully remote position, open to applicants in Asia.
• Establish architectural frameworks, reference implementations, and foundational security automation that define how infrastructure security is executed across GitLab.
• Spearhead infrastructure security projects from problem identification through to delivery, transforming ambiguous multi-quarter initiatives into actionable streams with well-defined success metrics.
• Conduct and oversee thorough security assessments and threat modeling for intricate infrastructure components, identifying systemic vulnerabilities and driving remediation efforts across impacted systems.
• Define the team's strategy for AI-enhanced security engineering, pinpointing where AI can provide significant leverage and creating patterns for others to emulate.
• Act as a leading technical authority for Infrastructure Security among our stakeholders, translating architectural trade-offs into clear decisions for engineering teams and senior management.
• Collaborate on technical planning, prioritization, and roadmap formulation to align technical projects with business goals.
• Mentor and develop engineers, elevating the technical standard and exemplifying inclusive collaboration.
• Advance the Product Security Division's mission of securing GitLab Infrastructure using our own product ("dogfooding").
• In-depth expertise in security for cloud infrastructure (AWS/GCP/Azure), container orchestration (Kubernetes), and related infrastructure and data security issues.
• Proficiency in several programming languages (Go, Python, Ruby) with a proven history of delivering production-quality security tools.
• Extensive experience with Infrastructure-as-Code security (Terraform, Ansible, CloudFormation), policy-as-code, and automated compliance measures.
• Practical experience in integrating AI into security workflows, with a perspective on where it adds significant value.
• Proven track record of steering multi-team technical projects from vague problem definitions to measurable results, establishing a technical direction that peer teams follow.
• Excellent written and verbal communication abilities, capable of articulating security trade-offs to both technical and non-technical audiences, including senior leadership.
• Knowledge of security certifications, frameworks, and standards (FedRAMP, ISO 27001, SOC 2, PCI-DSS).
• Embrace our values and operate in line with those principles.
• Benefits designed to support your health, financial stability, and overall well-being.
• Flexible Paid Time Off.
• Team Member Resource Groups.
• Equity Compensation & Employee Stock Purchase Plan.
• Growth and Development Fund.
• Parental leave.
• Home office support.