Senior Security Engineer, Application Security

Senior Security Engineer, Application Security (EMEA) Join to apply for the Senior Security Engineer, Application Security (EMEA) role at GitLab GitLab is an open‑core software company with the most comprehensive AI‑powered DevSecOps Platform, used by more than 100,000 organizations. The Application Security team works with GitLab engineers and product teams to anticipate and prevent vulnerabilities during design and development, ensuring high‑quality software GitLab customers can trust. What You'll Do Conduct security‑focused application design and architecture reviews, threat modeling, code review, and security testing assessments. Propose and establish secure development practices and security standards that support Product and Engineering teams. Help secure GitLab by directly contributing to the GitLab product and providing customer feedback on features, capabilities, scope, and technology coverage. Secure our software supply chain and improve security workflows and controls of our supply chain security. Identify and drive maturity opportunities to enable scaling internal processes, metrics, workflows and automations. What You’ll Bring Bachelor’s degree or equivalent in Computer Science or equivalent practical education and experience. 5+ years professional experience in a computer technology field including IT, technical support, or engineering. Very good understanding of computer code and how to detect and remediate security defects. Programming experience in one or more coding languages, with a preference for Ruby on Rails or Go. Comfortable in shell scripting to automate recurring work or build PoC exploits. Strong knowledge of application security concepts such as OWASP Top 10, the STRIDE model, CVSS scoring, and threat modeling assessments. Experience with application security practices including code review, threat modeling, static and dynamic analysis (SAST, DAST), and attack surface analysis. Experience performing application penetration testing or vulnerability research / bug bounty hunting. Ability to provide subject matter expertise on software architecture design and system security. Familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications. Demonstrated ability to learn new technical concepts in cloud and web application security assessment. Flexible, effective, and inclusive communication skills that create clarity; collaborate with technical and non‑technical audiences across teams. Proficiency in English, both written and verbal, sufficient for remote asynchronous work. Demonstrated critical and creative thinking, while also being an effective member of a team. Comfortable using Git. Experience with standard web application security tools such as Brakeman and BurpSuite. Flexible and constructive approach to problem solving that helps navigate ambiguity and drive results. How GitLab Will Support You Benefits to support health, finances, and well‑being. Flexible Paid Time Off. Team Member Resource Groups. Equity Compensation & Employee Stock Purchase Plan. Growth and Development Fund. Parental leave. Home office support. GitLab is a proud equal‑opportunity workplace and is an affirmative action employer. GitLab’s recruitment, employment, career development, and advancement policies are based solely on merit, and the organization does not tolerate discrimination or harassment based on any protected characteristic. See GitLab’s EEO Policy and EEO is the Law. Seniority level Mid‑Senior level Employment type Full‑time Job function Information Technology Industries IT Services, IT Consulting, and Software Development #J-18808-Ljbffr