Home
/
Software Engineering
/
Senior Security Engineer, Red Team
Senior Security Engineer, Red Team-July 2024
Flexible / Remote
Jul 8, 2026
ABOUT GITLAB
GitLab is one of the world’s largest all-remote companies. Our DevOps platform powers 100,000+ organizations.
1,001 - 5,000 employees
Technology, Software
VIEW COMPANY PROFILE >>
About Senior Security Engineer, Red Team

  The GitLab DevSecOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 2,000+ team members and values that foster a culture where people embrace the belief that everyone can contribute. Learn more about Life at GitLab.

  An overview of this role We are looking for an experienced Red Teamer who specializes in CI/CD and software supply chain attacks. You will have worked in an offensive-security role, planning and executing these attacks in modern DevOps environments. Additionally, you will have established yourself as an expert in this area with public blogs, conference talks, and/or open-source tooling.

  Your expertise will help round off the capabilities of our existing team members, and you will work together on a range of attack operations. You will also be given the time and resources to pursue your specialty. We want you to get creative, planning and executing attacks against GitLab.com, CI/CD pipelines, and all the critical components of software delivery.

  We will encourage you to share your research publicly, providing you with an opportunity to further establish yourself as an expert in the field. Our team is incredibly transparent, and the resources we share are used by security organizations around the world.

  We want you to help us be industry leaders at attacking and defending CI/CD and software supply chains. Apply now, and tell us how you will make that happen.

  Some examples of the work we do:

  Stealth operations: The evolution of GitLab's Red Team GitLab Handbook: What the Red Team Does What you’ll do  

  Propose, plan, and execute Red Team operations based on realistic threats to the organization Automate attack techniques, creating custom tooling for specific operations and contributing to general-purpose open source tools Write detailed reports covering the goals and outcomes of Red Team operations, including significant observations and recommendations Collaborate with GitLab’s Security Incident Response Team (SIRT) to improve detection and response capabilities Collaborate with GitLab’s Infrastructure Security Team to propose defensive improvements to cloud environments Collaborate across multiple product teams to propose enhancements and additions to GitLab’s SaaS and self-hosted offerings Collaborate with non-technical teams to propose process and policy enhancements and additions Stay informed on current security trends, advisories, publications, and academic research that is relevant our organization What you’ll bring 

  Experience conducting Red Team (adversary emulation) operations attacking CI/CD systems and software supply chains Deep knowledge of how software developers work and how they may be targeted Public examples of blogs, conference talks, and open-source tooling demonstrating your expertise in CI/CD and supply chain attacks Experience deploying, managing, and operating a Command & Control (C2) framework Senior-level command-line skills with Linux-based operating systems Ability to automate tasks by writing basic scripts/programs - we often use Python and Go Ability to read and understand multiple programming languages, especially Ruby and Go Hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure) An adversarial mindset - you must be able to put yourself in the mind of the attacker Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner About the team

  GitLab’s internal Red Team conducts security exercises that emulate real-world threats. We do this to help assess and improve the effectiveness of the people, processes, and technologies used to keep our organization secure. The Red Team does not perform penetration tests, and the work we do is not focused on delivering a list of vulnerabilities in a specific application or service.

  Malicious actors are not constrained by the narrow focus of traditional security testing. We must take on this adversarial mindset in order to challenge our own assumptions and identify areas for improvement across our entire organization. We do this by emulating the real-world tactics, techniques, and procedures (TTPs) of threats that are most relevant to our environment. This approach allows groups across GitLab to practice detecting and responding to threats in a controlled manner. We can then better understand our current defensive capabilities and work to improve them before we are faced with the real thing.

  Our team heavily values the focus on asynchronous communication at GitLab. We do like to catch up and chat about ongoing work, but we intentionally designed our processes to work 100% remotely and asynchronously. You can read more about this in our blog “How we run Red Team operations remotely”. Long story short - this means less meetings and more time for interesting work.

  We also love GitLab’s transparency value, as it is rare in our line of work. Not only do we want you to find cool ways to break and attack things - we want you to share it with the world. We encourage public sharing of new attack techniques, interesting research, and open-source attack tools.

  How GitLab will support you Benefits to support your health, finances, and well-being All remote, asynchronous work environment Flexible Paid Time Off Team Member Resource Groups Equity Compensation & Employee Stock Purchase Plan Growth and development budget  Parental leave  Home office support Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

  Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.  

  Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

  GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.

Comments
Welcome to zdrecruit comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
SIMILAR JOBS
Transition Engineer
ECI is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe. From its unmatched range of servic
Automation Engineer I
Position Description Job Summary Through the application of engineering fundamentals and advances process control tools, the Automation Engineer will ensure that processes are centered, capable and i
Risk Analyst
  At Bazaarvoice, we create smart shopping experiences. Through our expansive global network, product-passionate community & enterprise technology, we connect thousands of brands and retailers wi
Analyst, Sr Financial
POSITION SUMMARY: This position is primarily responsible for planning budgets and forecasts using historical data, projections, and analytical support. This position will also require analyzing finan
Senior Business Consultant
Cornerstone OnDemand, offers all the tools your organizationneeds to drive compliance, employee skilling and upskilling, and careerdevelopment and planning. Provide your employees with a powerful, en
Lead Salesforce Developer (Hybrid)
Target Hiring Range (1): 132000 Target Hiring Range (2): 172000 Worker Classification: Hybrid Company Description At Fannie Mae, futures are made. The inspiring work we do helps make a home a possibi
Senior Quality Engineer - Trading Technology
FanDuel Group is a world-class team of brands and products that deliver sports betting, gaming and entertainment to millions of US sports fans every day. That's no easy task, and wouldn't be possible
Principal Cyber Engineer
Who is Forcepoint? Forcepoint simplifies security for global businesses and governments. Forcepoint's all-in-one, truly cloud-native platform makes it easy to adopt Zero Trust and prevent the theft o
Staff Software Engineer, Backend - Platform
At Coinbase, our mission is to increase economic freedom around the world, and we couldn’t do this without hiring the best people. We’re a group of hard-working overachievers who are deeply focused o
Engineering Manager - Backend (Platform - Identity)
At Coinbase, our mission is to increase economic freedom around the world, and we couldn’t do this without hiring the best people. We’re a group of hard-working overachievers who are deeply focused o
Copyright 2023-2026 - www.zdrecruit.com All Rights Reserved