Principal Field Security Engineer

Job Description

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating human progress.

Our platform unites teams and organizations, breaking down barriers and redefining what’s possible in software development. Thanks to products like Duo Enterprise and Duo Agent Platform, customers get AI benefits at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued.

Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.

About the RoleGitLab is seeking an experienced Principal Field Security Engineer to tackle complex customer security challenges at the intersection of technical architecture and business requirements. In this role, you’ll apply deep security expertise to answer technical questions, assess contract requirements, and enable GitLab’s Sales and field organizations to address security problems for enterprise customers. You’ll work directly with customers and internal teams to provide technical guidance, create security content, and help customers understand how GitLab’s security controls meet their compliance and risk management needs.

What You’ll DoCustomer Engagement & AssuranceServe as the primary security point of contact for enterprise customer questions, requests, and concernsJoin customer and prospect meetings to provide expert guidance on GitLab’s security practices and controls in order to address security, privacy, and compliance requirementsBuild and maintain templates, playbooks, fallback positions, and training that simplify and accelerate negotiations. Facilitate customer assurance activities through our Customer Assurance Activities Service DeskProvide escalation support for complex security questionnaires, RFPs, and risk assessmentsContract & Legal ReviewPerform comprehensive contract reviews for both customer agreements and vendor relationshipsAnalyze security and compliance clauses in legal documentsProvide risk-based recommendations and remediation guidance for contractual security requirementsPartner with Legal, Sales, Product, and Procurement teams to negotiate security-related contract terms. Manage escalations, collaborate across other teams, and develop solutions to enable team and business partners to close deals.

Document and track contract-related security obligationsSecurity Evangelism & Thought LeadershipAct as a trusted technical thought leader, developing internal and external security content such as blog posts, whitepapers, technical standards, and field sales enablement training materials. Keep abreast of the rapidly evolving regulatory landscape affecting our agreements.

Identify, track, and facilitate solutions for security related customer trends and improvement areasBuild and strengthen GitLab’s security brand within the industryStrategic InitiativesMaintain and enhance GitLab’s Trust Center and self-service security resourcesProvide strategic recommendations based on customer security concerns in support of revenue growthParticipate in Quarterly Business Reviews to inform product and security roadmap decisionsMentor and provide guidance to Security Assurance team membersDrive continuous improvement of Field Security processes and documentationDesign and implement solutions to enable Sales facing teams to successfully discuss security problems and topics with customersWhat you’ll bring10+ years of experience in information security, with at least 5 years in customer-facing security rolesDeep expertise in security frameworks and standards such as (SOC 2, ISO 27001, FedRAMP, GDPR, NIST, etc. )Proven track record of contract negotiation and security/privacy agreement reviewsExceptional written and verbal communication skills with ability to translate complex technical concepts for diverse audiencesExperience creating security content (blogs, whitepapers, presentations). Experience speaking at conferences is a plus.

Strong understanding of cloud security, SaaS security models, and DevSecOps practicesExperience working cross-functionally with Sales, Legal, Product, and Engineering teamsAbility to balance security risk with business objectivesThe base salary range for this role’s listed level is currently for residents of the United States only. This range is intended to reflect the role’s base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location.

The base salary range does not include any bonuses, equity, or benefits. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.

United States Salary Range$200,000 – $280,000 USD

EWJD3