Staff Product Security Architect

Deep expertise in CI/CD pipeline security, including runner isolation, secrets management, artifact security, and supply chain attack prevention

Strong understanding of source code management security, including merge request workflows, code review security, branch protection, and access control patterns

Proven experience securing DevOps toolchains and identifying systemic risks in continuous integration and delivery systems

Demonstrated ability to build trusted relationships with engineering leadership and influence technical direction through expertise and collaboration

Track record of proactive security architecture work - identifying risks before they become incidents and designing preventive solutions

Strong background in application security with expertise in authentication/authorization, injection attacks, privilege escalation, and multi-tenant isolation

Serve as the dedicated security architect and strategic partner for Core DevOps functional leadership, developing deep understanding of their priorities, challenges, and roadmap

Lead security architecture and design work for strategic Core DevOps initiatives, providing clear direction and proactive guidance to cross-functional teams

Identify, assess, and drive reduction of systemic security risks in the

Product Security Risk Register

related to CI/CD pipelines, source code management, and DevOps workflows

Anticipate security challenges in upcoming Core DevOps initiatives and propose architectural solutions before they reach critical implementation phases

Security Architects are a part of our

Security Platforms and Architecture

team, who address complex security challenges facing GitLab and its customers to enable GitLab to be the most secure software factory platform on the market. Composed of

Security Architecture

,

Security Research