Full-Time

Security Compliance Engineer

FedRAMP

Posted on 7/26/2024

GitLab

1,001-5,000 employees

Unified DevOps platform for software development

Robotics & Automation
Consulting
Enterprise Software
Defense
Education

Compensation Overview

$98k - $210k Annually

+ Incentive Pay

Mid

Remote in USA

US Citizenship Required

Category
Cybersecurity
IT & Security
Required Skills
Communications
Management
AWS
Google Cloud Platform
Requirements
  • Proof of U.S. citizenship and residency.
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; or equivalent experience in a related field.
  • Minimum of 3 years of experience in security compliance or governance, risk, and compliance (GRC), preferably supporting U.S. public sector security authorizations.
  • Knowledge of FedRAMP, CMMC, NIST 800-53, NIST RMF, FISMA, or similar.
  • Familiarity with cloud hyperscaler services and how they work (e.g., AWS, GCP).
  • Excellent analytical, problem-solving, and project management skills.
  • Strong communication and interpersonal skills, with the ability to effectively collaborate with internal teams, auditors, customers, and regulatory bodies.
  • Relevant certifications such as CISSP, CISM, CISA, or similar are highly desirable.
  • Ability to work independently and manage multiple projects simultaneously in a fast-paced environment.
Responsibilities
  • Support the development, implementation, and management of our FedRAMP compliance program, ensuring all cloud services meet or exceed FedRAMP requirements.
  • Coordinate and manage the entire FedRAMP lifecycle, including initial assessment, authorization, continuous monitoring, and reauthorization processes.
  • Work closely with internal teams, including IT, security, and development, to integrate FedRAMP requirements into the organization’s operations and technology stack.
  • Develop and maintain comprehensive documentation, including System Security Plans (SSP), policies, procedures, and controls, to support FedRAMP compliance initiatives.
  • Automate and maintain the plan of action & milestones (POA&M) and other continuous monitoring requirements.
  • Conduct regular security assessments and audits to ensure continuous compliance with FedRAMP and other relevant standards.
  • Monitor and analyze changes in FedRAMP requirements and guidelines, ensuring the organization remains compliant with the latest updates.
  • Provide training and guidance to internal teams on FedRAMP-related topics, fostering a culture of compliance and security awareness.
  • Act as the primary point of contact for FedRAMP-related inquiries and coordination with external auditors and assessors.
  • Prepare and present compliance reports to senior management and stakeholders, highlighting the status of FedRAMP initiatives and any areas requiring attention.

GitLab offers a DevOps platform that simplifies the software development process by providing a single application for collaboration, visibility, and speed. The platform integrates various tools needed for software development, which helps teams manage their projects more efficiently without juggling multiple tools. This allows companies to focus on enhancing their products rather than getting bogged down in the complexities of development. GitLab serves a wide range of clients, including large corporations across different industries, demonstrating its versatility. The company operates on a subscription-based model, providing access to its platform with features that support continuous integration and deployment. GitLab also offers free trials to attract new customers and continuously updates its platform to deliver ongoing value. Its goal is to streamline software development and deployment for organizations of all sizes.

Company Stage

IPO

Total Funding

$1.4B

Headquarters

San Francisco, California

Founded

2014

Growth & Insights
Headcount

6 month growth

8%

1 year growth

17%

2 year growth

27%

Simplify's Take

What believers are saying

  • GitLab's potential acquisition by Datadog could significantly enhance its cloud app offerings and market reach.
  • The acquisition of Oxeye for $30-40 million strengthens GitLab's cloud security capabilities, making it a more robust platform for clients.
  • Strategic partnerships, such as with Ooredoo Kuwait and Quokka, demonstrate GitLab's commitment to enhancing its platform's security and efficiency, which can attract more clients.

What critics are saying

  • The potential sale to Datadog introduces uncertainty, which could affect employee morale and client confidence.
  • The competitive DevOps market requires GitLab to continuously innovate to maintain its edge, which can be resource-intensive.

What makes GitLab unique

  • GitLab offers a unified DevOps platform that integrates various tools required for software development, reducing the complexity of managing multiple toolchains, unlike competitors who may offer fragmented solutions.
  • The platform's versatility is demonstrated by its diverse client base, including major corporations across various industries, which is a testament to its broad appeal and adaptability.
  • GitLab's continuous updates and new feature rollouts ensure that clients receive ongoing value from their subscriptions, setting it apart from competitors with less frequent updates.

Benefits

Spending Company Money

Equity Compensation

Life Insurance

Financial Wellness

Paid Time Off

Growth and Development Benefit

GitLab Contribute

Business Travel Accident Policy

Immigration

Employee Assistance Program

Incentives

All-Remote

Part-time contracts

Meal Train

Fertility & Family Planning

Parental Leave

INACTIVE