Staff Product Security Architect

5 hours, 49 minutes ago
Full-time
Lead
DevOps and Infrastructure
GitLab

GitLab: The comprehensive DevOps platform revolutionizing software development with automation, AI workflows, and essential tools for efficient collaboration.

Internet Software & Services
1K-5K
Founded 2014

Description

  • Serve as the dedicated security architect and strategic partner for Core DevOps functional leadership.
  • Lead security architecture and design for strategic Core DevOps initiatives.
  • Identify, assess, and drive reduction of systemic security risks in CI/CD pipelines, source code management, and DevOps workflows.
  • Anticipate security challenges in upcoming initiatives and propose architectural solutions early.
  • Coordinate with Application Security engineers to ensure comprehensive security review coverage for Core DevOps work.
  • Conduct security architecture reviews for large strategic projects across Plan, Create, Verify, and Package stages.
  • Develop and communicate security standards and patterns for CI/CD security.
  • Collaborate with Security Research team members on proactive security exploration in the Core DevOps domain.
  • Cultivate strong relationships with Core DevOps technical leadership to maintain visibility into major initiatives and drive security outcomes.

Requirements

  • Deep expertise in CI/CD pipeline security, including runner isolation, secrets management, artifact security, and supply chain attack prevention.
  • Strong understanding of source code management security, including merge request workflows, code review security, branch protection, and access control patterns.
  • Proven experience securing DevOps toolchains and identifying systemic risks in continuous integration and delivery systems.
  • Demonstrated ability to build trusted relationships with engineering leadership and influence technical direction through expertise and collaboration.
  • Track record of proactive security architecture work, including identifying risks before they become incidents and designing preventive solutions.
  • Strong background in application security with expertise in authentication/authorization, injection attacks, privilege escalation, and multi-tenant isolation.
  • Experience translating complex security concepts into clear, actionable recommendations for technical audiences.
  • Ability to operate strategically while remaining technically hands-on when needed.
  • Nice to have: Experience with container registry and package management security, cryptographic systems and key management (SLSA framework), GraphQL security, AI-augmented development workflows, government security requirements (FedRAMP, NIST 800-171), security standards and frameworks (ISO 27001, SOC 2, PCI-DSS), and quantifying risk with security metrics or Key Risk Indicators.

Benefits

  • Base salary range of $140,000 to $270,000 USD for U.S. residents.
  • Benefits to support health, finances, and well-being.
  • Flexible Paid Time Off.
  • Equity Compensation and Employee Stock Purchase Plan.
  • Growth and Development Fund.
  • Parental leave.
  • Home office support.
  • Remote work with global hiring flexibility, subject to some location-based eligibility requirements.
