Director of Engineering, Security Risk Management

Posted 2 months ago

Apply Now

Resume Score

Check how well your resume matches this job before you apply.

Sign in to check score

About the role

  • Director of Engineering leading GitLab's Security Risk Management platform development for enterprise-scale vulnerability analysis. Focusing on high-performance distributed systems design and collaboration with cross-functional teams.

Responsibilities

  • Drive the evolution of GitLab's Security Risk Management (SRM) stage into a world-class platform for vulnerability analysis and remediation at enterprise scale.
  • Own the technical strategy for processing, analyzing, and remediating vulnerabilities across massive codebases and complex enterprise environments.
  • Design distributed systems architecture capable of processing vulnerability data from thousands of repositories, millions of commits, and complex dependency graphs in real-time.
  • Drive storage system decisions for multi-petabyte security datasets, balancing query performance, cost efficiency, and data retention requirements across time-series, graph, and document storage paradigms.
  • Architect scalable analysis pipelines that can ingest vulnerability feeds, correlate findings across multiple security tools, and provide actionable intelligence to both security teams and individual developers.
  • Lead the technical evolution from monolithic security scanning to microservices-based, event-driven vulnerability management systems.
  • Champion high-performance systems thinking throughout the team, establishing patterns for horizontal scaling, efficient resource utilization, and fault-tolerant distributed computing.
  • Establish technical standards for system observability, chaos engineering, and performance optimization in security-critical systems.
  • Mentor and develop senior engineers in distributed systems design, database optimization, and large-scale system architecture.
  • Drive architectural decision records (ADRs) for major technical decisions, particularly around data storage, processing frameworks, and system boundaries.
  • Own the end-to-end user journey (in partnership with PM) for both AppSec professionals managing enterprise-wide risk and developers receiving actionable security feedback in their workflow.
  • Design APIs and interfaces that abstract complexity while providing the power and flexibility that security professionals demand.
  • Collaborate with Product Management, UX and Product Design to translate complex technical capabilities into intuitive user experiences.
  • Establish feedback loops with large enterprise customers to ensure our technical solutions scale with their organizational complexity.
  • Evaluate and integrate cutting-edge technologies in areas such as graph databases, stream processing, machine learning inference at scale, and distributed caching, in collaboration with GitLab’s Infrastructure, Data and AI teams.
  • Own the technical roadmap for vulnerability correlation, risk scoring, and automated remediation workflows.
  • Drive partnerships with other GitLab stages to ensure seamless integration across the DevSecOps platform.
  • Lead incident response for availability and performance issues in customer-facing security systems.

Requirements

  • 10+ years of software engineering experience with 5+ years leading distributed systems at scale (>100M daily operations)
  • Deep expertise in designing and operating high-throughput, low-latency distributed systems with complex data models
  • Proven experience with polyglot persistence strategies, including relational databases (PostgreSQL, Cloud Spanner), time-series databases, graph databases, and distributed key-value stores
  • Strong background in stream processing frameworks (Apache Kafka, Apache Flink, or similar) and event-driven architectures
  • Hands-on experience with container orchestration (Kubernetes) and cloud-native observability stacks
  • Security domain knowledge with understanding of vulnerability assessment, static analysis, dependency scanning, or application security testing.
  • Proven track record of leading and growing high-performing engineering teams (40+ engineers)
  • Experience transforming engineering culture and establishing technical excellence standards in fast-growing organizations
  • Strong technical communication skills with ability to present complex architectural decisions to executive stakeholders
  • Collaborative leadership style with experience working across multiple engineering teams and product stakeholders
  • Systems thinking approach to complex technical problems with demonstrated ability to make appropriate trade-offs between performance, scalability, and maintainability
  • Experience with A/B testing frameworks and data-driven decision making in technical contexts
  • Track record of successfully delivering large-scale technical migrations or architectural transformations
  • Startup or high-growth company experience with ability to balance technical debt with rapid feature delivery.

Benefits

  • Benefits to support your health, finances, and well-being
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental leave
  • Home office support

Job type

Full Time

Experience level

Lead

Salary

$194,800 - $365,200 per year

Degree requirement

Bachelor's Degree

Tech skills

ApacheCloudDistributed SystemsKafkaKubernetesMicroservicesPostgres

Location requirements

RemoteCanada

Report this job

Found something wrong with the page? Please let us know by submitting a report below.