Security Manager, Application Security (APAC)
Job Description
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster.
The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.
*Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab.
An overview of this role
We are seeking a Security Manager, Application Security to drive the AppSec team at the tactical and operational level within the Security Platforms & Architecture (SPA) sub-department. The Application Security team is a key and critical stakeholder in securing GitLab’s product offerings.
In this role, you will manage and develop a team of Application Security Engineers (Intermediate through Staff) who perform security reviews, threat modeling, vulnerability triage, and secure design consultations across GitLab’s product surface. Your team is the front line of Product Security: the people reading the merge requests, talking to engineers, and evaluating features’ security posture before they are released to customers.
You will operate in an environment where feature delivery and platform capabilities are accelerating, architectures and technologies are evolving, and teams are continually balancing ambitious product goals with a strong security posture. In this context, you will help Product Security:
- Ensure that material product security risks and tradeoffs are surfaced, acknowledged, and decided at the right leadership levels
- Own operational execution for the team and ensure it operates through operational excellence.
- Build capability across every team member through coaching, mentoring, and career development
- Drive automation and AI-assisted enhancements of repeatable and time consuming work.
What you’ll do
- Lead, develop, and mentor a team of Application Security Engineers focused on clearing roadblocks, career growth and development, coaching and mentoring.
- Own the team’s operational cadence end to end: triage rotations, Application Security review queues, milestone planning.
- Drive tactical execution of the Application Security program: scaling the team for non linear security gains, security reviews enhancements and secure design consultations for high-risk changes.
- Lead AI adoption within the Application Security team: leverage AI-assisted/automated workflows for review triage, threat model generation, code analysis, and operational toil reduction. Champion practical AI use without losing critical thinking rigor.
- Recommend and drive security-related technical and process improvements.
- Author and execute project plans for security initiatives. Set schedules and assignments, anticipate roadblocks, and measure performance against goals.
- Provide input on security architecture, features, and issues. Serve as a partner and enabler to Product and Engineering teams on application security decisions.
- Partner with Security Architecture, Infrastructure Security, Security Research, and Security Operations on end-to-end risk reduction, aligning Application Security work with broader Product Security objectives.
- Prepare and deliver meaningful, actionable metrics to Product Security leadership.
- Hire and build a world-class team. Train team members to screen candidates and conduct struc
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster.
The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.
*Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab.
An overview of this role
We are seeking a Security Manager, Application Security to drive the AppSec team at the tactical and operational level within the Security Platforms & Architecture (SPA) sub-department. The Application Security team is a key and critical stakeholder in securing GitLab’s product offerings.
In this role, you will manage and develop a team of Application Security Engineers (Intermediate through Staff) who perform security reviews, threat modeling, vulnerability triage, and secure design consultations across GitLab’s product surface. Your team is the front line of Product Security: the people reading the merge requests, talking to engineers, and evaluating features’ security posture before they are released to customers.
You will operate in an environment where feature delivery and platform capabilities are accelerating, architectures and technologies are evolving, and teams are continually balancing ambitious product goals with a strong security posture. In this context, you will help Product Security:
- Ensure that material product security risks and tradeoffs are surfaced, acknowledged, and decided at the right leadership levels
- Own operational execution for the team and ensure it operates through operational excellence.
- Build capability across every team member through coaching, mentoring, and career development
- Drive automation and AI-assisted enhancements of repeatable and time consuming work.
What you’ll do
- Lead, develop, and mentor a team of Application Security Engineers focused on clearing roadblocks, career growth and development, coaching and mentoring.
- Own the team’s operational cadence end to end: triage rotations, Application Security review queues, milestone planning.
- Drive tactical execution of the Application Security program: scaling the team for non linear security gains, security reviews enhancements and secure design consultations for high-risk changes.
- Lead AI adoption within the Application Security team: leverage AI-assisted/automated workflows for review triage, threat model generation, code analysis, and operational toil reduction. Champion practical AI use without losing critical thinking rigor.
- Recommend and drive security-related technical and process improvements.
- Author and execute project plans for security initiatives. Set schedules and assignments, anticipate roadblocks, and measure performance against goals.
- Provide input on security architecture, features, and issues. Serve as a partner and enabler to Product and Engineering teams on application security decisions.
- Partner with Security Architecture, Infrastructure Security, Security Research, and Security Operations on end-to-end risk reduction, aligning Application Security work with broader Product Security objectives.
- Prepare and deliver meaningful, actionable metrics to Product Security leadership.
- Hire and build a world-class team. Train team members to screen candidates and conduct structured interviews. Build the team’s ability to grow itself.
What you’ll bring
- Demonstrable prior people management experience in application security or a closely related security engineering discipline, preferably in high-velocity R&D organizations.
- Deep familiarity with application security domains: secure code review, threat modeling, vulnerability management, secure SDLC, and common vulnerability classes (OWASP Top 10, CWE), whether from direct Application Security roles or from owning secure delivery of complex systems.
- Demonstrated success building trust with Product and Engineering peers, influencing security related decisions, and co-owning outcomes rather than acting solely as a gate.
- Comfort with AI-augmented workflows and enthusiasm for leveraging tools like GitLab Duo to scale the Application Security function, along with strong alignment to GitLab’s values and a track record of thriving in a highly collaborative, remote-first culture.
- Good at establishing clear guidance and distributing the workload appropriately. Lays out work in a well-planned and organized manner, maintains two-way dialogue with others on work and results and is a clear communicator.
- Accurately scopes the length and difficulty of projects, breaks them into clear process steps with owners and timelines, anticipates problems before they stall progress, and consistently measures performance against goals to evaluate what worked and what didn't.
- Breaks down complex problems with rigorous analysis, surfacing hidden risks and delivering conclusions that withstand scrutiny.
- Excellent written and verbal communication skills, with demonstrated experience in executive-level communications in an all-remote, asynchronous environment.
- Consistently delivers above expectations, drives measurable results and raises the performance bar for the entire team.
- Nice to have: Experience with security requirements and frameworks relevant to GitLab’s customers (e.g., FedRAMP, ISO 27001, SOC 2, PCI-DSS); experience in DevSecOps or shift-left security models in SaaS or open-source environments; deep familiarity with CI/CD pipeline security, software supply chain security, or identity and access management (AuthN/Z).
About the team
Application Security Engineers are part of our Security Platforms & Architecture team, which protects GitLab’s platform and products by identifying, prioritizing, and mitigating security risks across the entire product lifecycle. Composed of Security Architecture, Application Security, and Security Research, we combine strategic security architecture with operational application security to enable GitLab to be the most secure software factory platform on the market.
The AppSec team operates on a set of guiding principles rooted in the leader-leader model: decisions belong where the information lives, every team member is a leader, not a task executor, and operational hygiene is non-negotiable. The manager is the primary steward of these principles.