Magnet.me  -  The smart network where hbo and wo students find their internship and first job.

This opportunity has expired. It is therefore no longer possible to like or apply.

Senior Security Engineer, Security Research

Job NL
Posted 23 Mar 2024
Work experience: 0 to 3 years
Full-time / part-time: Full-time
Job function
Degree level
Required language: English (Fluent)

Remote

This position is remote based.

Security Engineers at GitLab work on securing our product and on internal security. On the product side, this includes the open source version of GitLab, the enterprise editions, and the GitLab.com service. Security Engineers work with peers on cross-functional teams dedicated to areas of the product. They also work together with product managers, developers, and the infrastructure teams to achieve common goals.

Security research specialists conduct internal testing against GitLab assets, and against FOSS that is critical to GitLab products and operations. Initiatives for this specialty also include:

  • Conduct vulnerability research against all GitLab and GitLab.com assets

  • Research FOSS tools that are integrated with GitLab

  • Develop proof-of-concept code to be included in security findings

  • Report findings to tool developers and track the mitigation process

  • Follow responsible disclosure policies for community disclosure

  • Author blog posts on vulnerabilities discovered

Requirements

  • You have a passion for security and open source
  • You are a team player, and enjoy collaborating with cross-functional teams
  • You are a great communicator
  • You employ a flexible and constructive approach when solving problems
  • Ability to professionally handle communications with outside researchers, users, and customers.
  • Ability to communicate clearly on technical issues.
  • An understanding of how to write code that is not only secure but scales to a large number of users and systems.
  • Familiar with common security libraries, security controls, and common security flaws that apply to Ruby on Rails applications.
  • Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
  • Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
  • Knowledge of browser-based security controls such as CSP, HSTS, XFO.
  • Experience with standard web application security tools such as Arachni, Brakeman, and Burp Suite.
  • You share our values, and work in accordance with those values

Responsibilities

  • Develop security training and guidance for internal development teams
  • Provide subject matter expertise on architecture, authentication and system security
  • Assess security tools and integrate tools as needed, particularly open-source tools
  • Assist with recruiting activities and administrative work
  • There should also be time to participate in development of GitLab.
  • Proactively identify and reduce security risks.
  • Find and remove outdated and vulnerable code and code libraries.
  • Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.
  • Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
  • Educate other developers on secure coding best practices.

Compensation

Please view the compensation range for this role at the bottom of the position description.

GitLab Inc. is a company based on the GitLab open-source project, helping developers collaborate on code to build great things and ship on time. We are an active participant in our global community of customers and contributors, trying to serve their needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write.

IT
Amsterdam
1,000 employees