GitLab

Director of Engineering, Security Factory

United Kingdom
Posted 2 days ago

GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organisations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster.

The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.


*Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse, products or services of GitLab.


An Overview of This Role

As Director of Engineering, Security Factory, you will lead the engineering organisation responsible for GitLab’s customer-facing security capabilities across our AI-powered DevSecOps platform. You’ll help shape how customers detect, prioritise, and remediate vulnerabilities across modern software workflows, guiding teams building:

  • Proprietary scanners
  • AI-driven detection engines
  • Agentic remediation flows
  • Supporting security foundations

Reporting to the VP of Engineering, Sec section, you’ll set the engineering vision and roadmap for a distributed group of nine teams, including engineering managers, fostering strong delivery, technical direction, and healthy team growth.

Some Examples of Our Projects

  • Advanced proprietary scanners for:
    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • Secret Detection
  • AI and machine learning detection engines
  • Agentic security flows enabling autofix and guided remediation
  • Research for AI security, threat intelligence, vulnerability management, and security foundations

What You’ll Do

Vision & Roadmap

  • Set the engineering vision and multi-quarter roadmap across teams, including:
    • Proprietary scanners
    • AI-driven security workflows
    • Research functions
    • Vulnerability management
    • Security foundations

Leadership & Team Growth

  • Lead a distributed engineering organisation at the manager-level, focusing on:
    • Team performance
    • Engagement
    • Career development

Architectural Direction

  • Drive key architectural decisions, particularly for:
    • AI and machine learning detection engines
    • Agentic remediation flows
    • Scalable scanning infrastructure

Collaboration & Delivery

  • Partner with product management to align priorities, shape requirements, and deliver security capabilities for regulated and high-security customer environments
  • Own engineering delivery of:
    • Proprietary application security scanners
    • Agentic remediation workflows
    • AI Security Research efforts

Representation & Alignment

  • Serve as the **voice of Security Factory** in:
    • Cross-functional planning
    • Executive reviews
    • Security disclosures
    • Customer conversations

Standards & Transparency

  • Establish engineering standards for:
    • Delivery & delivery efficiency
    • Observability
    • Incident response
    • Scanner quality
    • Code quality
  • Align with GitLab’s async-first, transparent workflow through tools like:
    • Issues
    • Merge requests
    • The GitLab handbook

What You’ll Bring

Leadership & Management

  • Proven experience leading engineering organisations that comprise multiple teams and managers in a distributed environment

Technical Expertise

  • Strong understanding of application security fundamentals including:
    • Static Application Security Testing (SAST)
    • Software Composition Analysis (SCA)
    • Secret detection
    • Vulnerability management workflows
    • Software supply chain security

Product & Systems Knowledge

  • Experience building detection, analysis, or scanning systems in a:
    • Software as a Service (SaaS)
    • DevSecOps environment
  • Familiarity with trade-offs in:
    • Precision vs. recall
    • Latency
    • Scalability

AI & Machine Learning Background

  • Direct experience shipping customer-facing AI/ML product features tied to:
    • Detection quality
    • Remediation outcomes

Product Collaboration

  • Ability to partner closely with product management for:
    • Roadmap planning
    • Prioritisation
    • Requirements (within product-led environments)

Communication

  • Strong written communication skills appropriate for:
    • Remote, async-first environments
    • Clearer documentation practices

Leadership Style

  • Collaborative and coaching-focused leadership
  • Ability to give direct feedback, while aligning with GitLab’s:
    • Core values
    • Operating principles

Experience with preferred technologies

  • Familiarity with (or passion for) agentic AI systems, AI agent orchestration, threat intelligence research, and open-source security tooling

About the Team

The Security Factory group builds GitLab’s customer-facing security capabilities within its AI-powered DevSecOps platform. The organisation spans nine teams, delivering capabilities across:

  • Proprietary scanners (incl. SAST, SCA, secret detection etc.)
  • AI-driven detection engines
  • Agentic remediation branches
  • Security research
  • Vulnerability management
  • Core security infrastructure

Teams operate asynchronously, collaborating across regions with product management and cross-functional stakeholders. The mission is to:

  • Improve detection quality
  • Scale security workflows for enterprise use
  • Strengthen GitLab’s contributions to securing the software supply chain

For more about the team’s approach, consult the Sec Engineering Handbook.


How GitLab Supports Full-Time Employees

GitLab offers comprehensive benefits to support:

Health, Wellbeing & Financial Stability

  • Benefits catering to health, finances, and day-to-day well-being
  • Flexible Paid Time Off (PTO)

Professional Development

  • Team Member Resource Groups (TMRGs) to foster community
  • Growth and Development Fund for extensive upskilling

Equity & Compensation

  • Equity compensation and Employee Stock Purchase Plan

Work-Life Balance

  • Family-friendly policies, including parental leave

GitLab is committed to inclusive hiring, encouraging candidates with varied experience levels to apply even if not all qualifications are met. Candidates from underrepresented groups are strongly encouraged to apply.


For hiring guidelines and location considerations: Roles are globally remote, though some may have country-specific eligibility requirements. Our Talent Acquisition team can address any questions during the application process.


GitLab’s commitment to equality: We reserve the right to extend this opportunity to underrepresented positions, re-Christianise our “At-Will Employment” policies, and improve physical/disability accessibility via accommodations during recruitment.

Legal agreements: Privacy protection is prioritised. Refer to GitLab’s Recruitment Privacy Policy.

GitLab stands proud as an equal opportunity employer. Our employment, career development, advancement and retirement policies adhere strictly to merit – regardless of sex, origin, religion, veteran status, disability or any other basis protected by law. GitLab values harassment- and discrimination-free environments. For more: GitLab’s EEO Policy and EEO is the Law.

Accessibility for candidates during recruitment: If you have a disability or special need requiring accommodation, please inform us during the application process.

Skills

Engineering Leadership
Application Security
Static Application Security Testing
Software Composition Analysis
Vulnerability Management
AI and Machine Learning
Product Management
Documentation
Collaborative Leadership
Threat Intelligence
Open Source Security
Agentic AI Systems
Scanning Systems
Software as a Service
Remote Work
Async Communication

Location

United Kingdom
