gitlab

Director, Product Security Architecture

At a Glance

Location
Remote, Canada; Remote, EMEA; Remote, US
Work Regime
remote
Experience
10+ years
Posted
2026-03-23T17:39:37-04:00

Key Requirements

Required Skills

  • CI/CD
  • Microservices

Certifications

  • ISO

Domain Knowledge

  • Engineering
  • Regulatory
  • SaaS
  • Supply Chain

Requirements

Significant experience (typically 10+ years) leading software, architecture, or application security initiatives in high-velocity R&D organizations, with a strong grounding in building and evolving complex software systems

Strong application security and secure design literacy, whether from direct AppSec roles or from owning secure delivery of large-scale systems, including familiarity with common vulnerability classes, modern software architectures, and practical mitigation patterns

Deep understanding of systemic product security risks in large-scale platforms, with expertise in at least some of: CI/CD and pipeline security, software supply chain security, identity and access management (AuthN/Z), AI/ML security, or multi-tenant SaaS architectures

Proven ability to operate effectively in constrained environments: balancing business goals and risk reduction, focusing attention on the highest-impact, hardest-to-reverse decisions, and framing options in terms of risk, cost, and customer impact rather than absolutes.

Demonstrated success building trust with Product and Engineering Directors/VPs, influencing multi-quarter roadmaps, and co-owning outcomes rather than acting solely as a gate.

Experience designing and rolling out scalable security patterns—standards, “paved roads,” and secure-by-default configurations—that reduce risk while minimizing additional toil for product and engineering teams.

Responsibilities

Lead, develop, and mentor a team of Product Security Architects and closely-aligned specialists who are dedicated to major product functional areas (e.g., Sec Section, AI, Core DevOps)

Own and continuously evolve the Product Security Architecture strategy and partnership model, shifting architects from embedded consultants to accelerators of secure architecture delivery, and serve as a strategic partner to Product and Engineering Directors/VPs

Product Security Risk Register, ensuring systemic product security risks are clearly articulated, prioritized with Product and Engineering, and paired with multi-quarter risk reduction plans that reduce long-term product security debt.

Operate Product Security Architecture in a risk-aligned, business-enabling way that focuses Security Architects on the highest-impact, hardest-to-change architectural decisions, helping teams make clear, informed tradeoffs without slowing delivery.

Define and drive security visions, standards, “paved roads,” and secure-by-default platform behaviors and configurations that enable product teams to make sound security decisions with minimal overhead, including evolving existing behaviors over time to strengthen the baseline security posture.

Team

Product Security Architects are part of our Security Platforms & Architecture team, which protects GitLab’s platform and products by identifying, prioritizing, and mitigating security risks across the entire product lifecycle. Composed of Security Architecture, Application Security