Lead and mature GitLab's security compliance function, overseeing certifications (SOC 2, ISO 27001, FedRAMP), driving automation/AI improvements, and partnering cross-functionally to integrate GRC into business and technical processes. Requires deep frameworks expertise, team leadership, and risk-based mindset.
168k – 245k
Remote8+ YOESecurity Engineering
About the role
What you'll do
Lead and mentor a team focused on security compliance, providing direction, support, and clear priorities while building a high-performing function.
Oversee and expand GitLab's certification portfolio across frameworks such as ISO 27001/17/18, ISO 42001, Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), TiSAX, Cyber Essentials, and Federal Risk and Authorization Management Program (FedRAMP).
Partner with cross-functional stakeholders in IT, Security, Legal, Product, and Engineering to integrate governance, risk, and compliance requirements into business processes and technical systems.
Drive automation within the function by using scripting, coding, and AI-enabled approaches to improve governance, risk, and compliance workflows, including compliance-as-code and policy-as-code practices.
Monitor regulatory changes, emerging frameworks, and industry trends, and use those insights to help shape the team's roadmap and prepare the business for new requirements.
Manage relationships with third-party auditors, assessors, and consultants during activities such as external audits, certification reviews, and penetration tests.
Strengthen the team's security metrics and reporting practices, including preparing and facilitating regular business reviews and giving leadership clear visibility into progress and risk.
Serve as a subject matter expert and thought partner by delivering guidance, training, and security-focused content for internal teams, customers, and senior stakeholders, while helping strengthen GitLab's voice in the broader security market.
What you'll bring
Extensive experience in security compliance, audit, or related governance, risk, and compliance work, including experience supporting external audits.
Deep knowledge of security and compliance frameworks such as SOC 2, ISO 27001, FedRAMP, and National Institute of Standards and Technology (NIST), with public sector or FedRAMP experience preferred.
Experience leading teams and developing people, with the ability to set direction, manage priorities, and build strong partnerships across a distributed organization.
Strong understanding of cloud security, software as a service (SaaS) security models, and DevSecOps practices, with the ability to apply that knowledge in a fast-moving technology environment.
A risk-based mindset that goes beyond checklist compliance and focuses on meaningful control design, testing, and continuous improvement.
Comfort using automation, scripting, or AI-enabled approaches to reduce manual work and improve the scale and efficiency of compliance programs.
Excellent written and verbal communication skills, including the ability to explain complex technical and regulatory topics clearly to auditors, customers, executives, and cross-functional partners.
Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or similar credentials are highly desirable.
Skills
SOC 2ISO 27001FedRAMPNistCisspCismCisaCompliance As CodePolicy As CodeCloud SecurityDevSecOpsRisk ManagementGRC
Lead customer trust programs, security governance, metrics, and awareness at GitLab. Oversee contract reviews, questionnaires, policy development, and cross-functional partnerships to reduce sales friction and demonstrate security posture.
168k – 245k
Remote7+ YOESecurity Engineering
Software Engineer - Security Platform
CloudflareAustin, TX +5
Build and operate secure distributed systems for secrets/key management, PKI, and machine identity across Cloudflare's global network. Requires 8+ years experience in software development, distributed systems, and security implementation.
168k – 275k
Hybrid8+ YOESecurity Engineering
Senior Security Engineer (Detection & Response)
JustworksNew York, NY
Builds, tunes, and deploys security detections using EDR and AWS telemetry, conducts threat hunting, leads incident response, and automates workflows. Requires 5+ years in detection engineering, threat hunting, and AWS security services proficiency.
168k – 235k
Hybrid5+ YOESecurity Engineering
Senior Security Engineer (AI Security)
JustworksNew York, NY
Senior Security Engineer specializing in AI security researches AI threats, evaluates tools and controls, implements security architectures in AWS, and collaborates cross-functionally to enhance security posture. Requires 5+ years in security architecture and 2+ years in AI systems security.
168k – 226k
Hybrid5+ YOESecurity Engineering
Senior Insider Threat Analyst
CoinbaseUnited States
Senior Insider Threat Analyst leading complex investigations, detection, and process improvements to protect digital assets and reduce insider risk at Coinbase.