Senior Technical Security Program Manager, PSIRT

View full description

Requirements:

• 5+ years of experience in product security response (PSIRT) with hands-on experience in defining and driving product security incident response processes.
• Familiarity with standard security response practices and terminology such as CVE, CVSS, CWE, OWASP top 10, STRIDE model.
• Strong collaboration skills and ability to work with cross-functional teams.
• Effective verbal and written communication skills, inclusive communication with a global audience.
• Preferred experience with HackerOne or Bugcrowd, interacting with security researchers, and generating metrics with analysis software.
• 5+ years of project management experience with knowledge of program management best practices.

Responsibilities:

• Triage, initial assessment, & issue management of product application and infrastructure vulnerabilities reported to GitLab.
• Manage GitLab’s CNA operations, assigning CVEs as appropriate.
• Collaborate with security engineering partners on complex technical issues.
• Act as customer advocate in managing security risk and escalate to leadership when necessary.
• Drive internal and external communication regarding security issues.
• Report on trends and business impact, tracking completion of key results.
• Define and implement operational improvements to issue handling.
• Manage Bug Bounty operations and drive bounty program strategy.
• Create documentation such as runbooks to improve operational efficiency.
• Drive cross-functional collaboration to document root cause analysis and product incident reviews.