Principal Field Security Engineer

10+ years of experience in information security, with at least 5 years in customer-facing security roles. Deep expertise in security frameworks and standards such as (SOC 2, ISO 27001, FedRAMP, GDPR, NIST, etc.). Proven track record of contract negotiation and security/privacy agreement reviews. Exceptional written and verbal communication skills with ability to translate complex technical concepts for diverse audiences. Experience creating security content (blogs, whitepapers, presentations). Strong understanding of cloud security, SaaS security models, and DevSecOps practices. Experience working cross-functionally with Sales, Legal, Product, and Engineering teams. Ability to balance security risk with business objectives.

Serve as the primary security point of contact for enterprise customer questions, requests, and concerns. Provide expert guidance on GitLab’s security practices and controls in customer and prospect meetings. Build and maintain templates, playbooks, fallback positions, and training. Facilitate customer assurance activities. Provide escalation support for complex security questionnaires, RFPs, and risk assessments. Perform comprehensive contract reviews for customer agreements and vendor relationships. Analyze security and compliance clauses in legal documents. Provide risk-based recommendations for contractual security requirements. Partner with Legal, Sales, Product, and Procurement teams to negotiate security-related contract terms. Develop internal and external security content such as blog posts, whitepapers, technical standards, and field sales enablement training materials. Keep abreast of the rapidly evolving regulatory landscape. Identify, track, and facilitate solutions for security related customer trends and improvement areas. Maintain and enhance GitLab's Trust Center and self-service security resources. Provide strategic recommendations based on customer security concerns. Mentor and provide guidance to Security Assurance team members. Drive continuous improvement of Field Security processes and documentation. Design and implement solutions to enable Sales facing teams to successfully discuss security problems and topics with customers.