Manager, Infrastructure Security
An overview of this role
Infrastructure Security plays a critical role in GitLab as it holds responsibility for securing the infrastructure components that constitute our public cloud, cloud native, and software pipeline environments. In this high visibility role you’ll be responsible for setting the overall vision and strategy for infrastructure security within GitLab. You’ll work with the broader product security organization to help improve the overall cyber resilience of the GitLab product set for both cloud and self-hosted customers.
Relevant Links:
What you’ll do
Develop and implement the infrastructure security team’s vision and strategic roadmap
Own and be responsible for securing
GitLab’s customer-facing infrastructure which encompasses our multi-tenant, dedicated, government, and on-prem architectures.
Infrastructure that supports GitLab’s software supply chain.
Provide professional guidance and input on infrastructure security within and outside of your team
Collaborate with other security teams in support of
cross-team security efforts
Process improvements
Driving down risk across the organization
Build collaborative cross-functional partnerships with teams across
Infrastructure Engineering
Engineering and Development
Product Management; and
Legal
Manage an existing high performing team of infrastructure security professionals along with hiring new members as appropriate
Lead and mentor your team by
helping grow their skills and experience
fostering a culture of continuous improvement
holding regular 1:1’s
being your team’s role model in terms of exemplifying GitLab company values, positive thinking, and managing conflict
Establish and implement security policies, procedures, standards, and guidelines in support of infrastructure security
This position reports to the VP of Product Security and be expected to
Draft and successfully deliver on quarterly Objectives and Key Results (OKRs)
Align vision and roadmap with the broader product security strategy
What you’ll bring
Experience with:
Public cloud security
Ideally, practical experience with site-reliability engineering
CI/CD at a practitioner level
Google Cloud Platform or Amazon Web Services
Docker, Kubernetes, Cloud Native technologies and Serverless technologies
Managing SaaS infrastructure security related issues especially within regulated environments such as FedRAMP and GDPR
leading and implementing automation implementations in the service of infrastructure security (things like CSPM, Ansible, Terraform, etc)
Knowledge of:
infrastructure security issues, mitigations, and a solid grasp of the current global threat landscape
Distributed architectures
Systems design at an infrastructure component level
Threat modeling at the infrastructure level
Trends and practices in AI security at the infrastructure level
Strongly skilled in:
communication, including verbal, written
presentation skills to a variety of stakeholders
Collaborating with a global and diverse workforce
Adapting to evolving circumstances, technologies, and strategic priorities, while leading complex initiatives
Managing and developing teams of at least 10 people
Able to:
deliver results that are “good enough” in the face of ambiguity and imperfect knowledge
excel in a remote-only, asynchronous, multicultural, and distributed environment
Alignment with Manager responsibilities as outlined in Leadership at GitLab