Full-Time

Senior Security Compliance Engineer

Dedicated Markets

Posted on 8/1/2024

GitLab

1,001-5,000 employees

Unified DevOps platform for software development

Robotics & Automation
Consulting
Enterprise Software
Defense
Education

Compensation Overview

$124k - $266k Annually

+ Incentive Pay

Senior, Expert

Remote in USA

US Citizenship Required

Category
Cybersecurity
IT & Security
Required Skills
Communications
AWS
Google Cloud Platform
Requirements
  • Valid proof of US citizenship and residency.
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent experience in a related field.
  • Minimum of 5 years of experience in GRC, cybersecurity, or a related field, with a focus on highly regulated industries.
  • Proven experience achieving and maintaining security certifications such as FedRAMP, SOC 2, ISO 27001, and others.
  • Strong understanding of regulatory and compliance requirements for the public sector and highly regulated verticals.
  • Familiarity with implementing compliance-as-code or policy-as-code, and automating control testing and evidence collection.
  • Basic knowledge of FedRAMP requirements, processes, and documentation.
  • Familiarity with cloud hyperscaler services and how they work (e.g. AWS, GCP, etc.).
  • Excellent analytical, problem-solving, and project management skills.
  • Strong communication and interpersonal skills, with the ability to effectively collaborate with internal teams, auditors, customers, and regulatory bodies.
Responsibilities
  • Develop, implement, and manage GRC strategies and processes to support compliance with various regulatory and industry standards, including FedRAMP, SOC 2, ISO 27001, and others.
  • Work closely with highly regulated customers to understand their unique compliance requirements and provide tailored solutions to ensure adherence to relevant frameworks and certifications.
  • Lead and manage security assessments, audits, and certification processes, ensuring timely and successful completion.
  • Collaborate with cross-functional teams, including IT, security, and legal, to integrate GRC requirements into the organization's operations and technology stack.
  • Develop and maintain comprehensive documentation, including policies, procedures, and controls, to support compliance initiatives.
  • Utilize scripting/coding skills to automate GRC processes and implement compliance-as-code or policy-as-code solutions.
  • Monitor and analyze regulatory changes and industry trends to ensure continuous improvement of the GRC program and maintain up-to-date compliance.
  • Provide training and guidance to internal teams and customers on GRC-related topics, fostering a culture of compliance and security awareness.
  • Act as a subject matter expert on GRC issues, providing strategic advice and support to senior management and stakeholders.

GitLab offers a DevOps platform that simplifies the software development process by providing a single application for collaboration, visibility, and speed. The platform integrates various tools needed for software development, which helps teams manage their projects more efficiently without juggling multiple tools. This allows companies to focus on enhancing their products rather than getting bogged down in the complexities of development. GitLab serves a wide range of clients, including large corporations across different industries, demonstrating its versatility. The company operates on a subscription-based model, providing access to its platform with features that support continuous integration and deployment. GitLab also offers free trials to attract new customers and continuously updates its platform to deliver ongoing value. Its goal is to streamline software development and deployment for organizations of all sizes.

Company Stage

IPO

Total Funding

$1.4B

Headquarters

San Francisco, California

Founded

2014

Growth & Insights
Headcount

6 month growth

8%

1 year growth

17%

2 year growth

27%

Simplify's Take

What believers are saying

  • GitLab's potential acquisition by Datadog could significantly enhance its cloud app offerings and market reach.
  • The acquisition of Oxeye for $30-40 million strengthens GitLab's cloud security capabilities, making it a more robust platform for clients.
  • Strategic partnerships, such as with Ooredoo Kuwait and Quokka, demonstrate GitLab's commitment to enhancing its platform's security and efficiency, which can attract more clients.

What critics are saying

  • The potential sale to Datadog introduces uncertainty, which could affect employee morale and client confidence.
  • The competitive DevOps market requires GitLab to continuously innovate to maintain its edge, which can be resource-intensive.

What makes GitLab unique

  • GitLab offers a unified DevOps platform that integrates various tools required for software development, reducing the complexity of managing multiple toolchains, unlike competitors who may offer fragmented solutions.
  • The platform's versatility is demonstrated by its diverse client base, including major corporations across various industries, which is a testament to its broad appeal and adaptability.
  • GitLab's continuous updates and new feature rollouts ensure that clients receive ongoing value from their subscriptions, setting it apart from competitors with less frequent updates.

Benefits

Spending Company Money

Equity Compensation

Life Insurance

Financial Wellness

Paid Time Off

Growth and Development Benefit

GitLab Contribute

Business Travel Accident Policy

Immigration

Employee Assistance Program

Incentives

All-Remote

Part-time contracts

Meal Train

Fertility & Family Planning

Parental Leave

INACTIVE