Director, Product Security Architecture

GitLab is the intelligent orchestration platform for DevSecOps, trusted by more than 50 million registered users and over 50% of the Fortune 100 to ship better, more secure software faster. The company embraces AI as a core productivity multiplier and operates a high-performance, remote-first culture driven by its values and continuous knowledge exchange.

• Typically 10+ years leading software, architecture, or application security initiatives in high-velocity R&D organizations.
• Strong application security and secure design literacy, including familiarity with common vulnerability classes, modern software architectures, and mitigation patterns.
• Deep understanding of systemic product security risks in large-scale platforms, with expertise in areas such as CI/CD and pipeline security, software supply chain security, identity and access management, AI/ML security, or multi-tenant SaaS architectures.
• Ability to balance business goals and risk reduction, focusing on highest-impact decisions and framing options in terms of risk, cost, and customer impact.
• Proven success building trust with Product and Engineering Directors/VPs and influencing multi-quarter roadmaps.
• Experience designing and rolling out scalable security patterns that reduce risk while minimizing toil.
• Experience collaborating with Compliance, Audit, and Security Operations on security controls and quality standards.
• Experience supporting organizations through significant technology and architectural change while maintaining or improving security posture.
• Ability to operate at multiple altitudes from executive strategy to detailed technical design discussions.
• Excellent written and verbal communication skills in an all-remote, asynchronous environment.
• Comfort with AI-augmented workflows and alignment with GitLab’s values.

Nice to have:

• Experience with security requirements and frameworks relevant to GitLab’s customers (e.g., FedRAMP, ISO 27001, SOC 2, PCI-DSS).
• Prior experience in organizations undergoing significant scaling, reorganization, or operating model transformation.

• Lead, develop, and mentor a team of Product Security Architects and closely-aligned specialists dedicated to major product functional areas such as Sec Section, AI, and Core DevOps.
• Own and continuously evolve the Product Security Architecture strategy and partnership model, shifting architects from embedded consultants to accelerators of secure architecture delivery.
• Serve as a strategic partner to Product and Engineering Directors/VPs.
• Oversee and mature the Product Security Risk Register, ensuring systemic product security risks are clearly articulated, prioritized, and paired with multi-quarter risk reduction plans.
• Operate Product Security Architecture in a risk-aligned, business-enabling way focusing on highest-impact architectural decisions.
• Define and drive security visions, standards, “paved roads,” and secure-by-default platform behaviors and configurations.
• Lead the Product Security AI strategy for scaling, including adoption of AI-assisted and platform-level investments.
• Partner with Application Security, Infrastructure Security, Security Research, Security Operations, Security Risk, and Security Compliance on end-to-end risk reduction.
• Define and track architecture-related metrics and Key Risk Indicators.
• Represent Product Security in cross-functional forums, articulating risk, tradeoffs, and recommended paths forward.

GitLab hires new team members globally with all roles remote; some roles may have specific location-based eligibility requirements. GitLab is an equal opportunity workplace and affirmative action employer, with policies based solely on merit and prohibits discrimination or harassment based on protected characteristics. Candidates with disabilities or special needs can request accommodations during the recruiting process.