VP of Product Security

About The Position

Requirements

• Experience operating as a senior engineering or security leader with strong product engineering credibility and ownership of security-relevant product architecture
• Experience building, shipping, and operating services in a high-growth SaaS or AI environment, with a clear understanding of how fast-moving product teams work
• Ability to lead multi-disciplinary organizations through Directors, Senior Managers, and senior individual contributors in a distributed, remote-first setting
• Knowledge of secure design, threat modeling, web application and API security, and modern authentication and authorization patterns
• Familiarity with software supply chain security, continuous integration and continuous delivery pipelines, vulnerability management, incident response, and cloud security concepts
• Experience partnering closely with Product, Engineering, AI, and Security leaders to turn risk, customer needs, and technical trade-offs into practical roadmaps and decisions
• Skill in written and verbal communication, including presenting technical risk and business trade-offs clearly to executives, customers, and other stakeholders
• Openness to candidates with different career paths, including product engineering leaders with deep security ownership or security leaders with a strong record of building and shipping products
• Must be a United States Citizen

Nice To Haves

• Experience with developer tools, DevOps/DevSecOps platforms, large-scale open-source projects, security standards and frameworks (OWASP, NIST, SLSA), bug bounty and coordinated disclosure programs, or regulated/security-sensitive customer environments (financial services, government, healthcare).

Responsibilities

• Set the long-term strategy and operating model for Product Security across GitLab.com, GitLab Dedicated, and self-managed offerings
• Lead a global, multi-disciplinary organization spanning Application Security, Product Security Engineering / security tooling, Security Architecture and Platforms, Vulnerability Management, Product Security Incident Response (PSIRT), and Infrastructure, Cloud, and Data Security
• Partner with the Chief Technology Officer, Chief Product Officer, Chief Information Security Officer, Vice President of AI Engineering, and other R&D leaders to embed security into product architecture, planning, and delivery
• Own the roadmap for core security services and developer-facing platform capabilities, including authentication, authorization, secrets management, auditability, and security APIs
• Drive secure design reviews, threat modeling, and risk-based security practices that help product teams ship securely without adding unnecessary friction
• Guide GitLab's approach to AI and agentic security, including security architecture, governance decisions, and risk acceptance for new AI surfaces
• Oversee vulnerability management, product security incident response, and bug bounty operations, using trends and root-cause analysis to inform durable product and process improvements
• Establish clear security metrics, planning inputs, and risk visibility that support executive decision-making, customer conversations, and engineering prioritization

Benefits

• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental Leave