Seeking a Data Security Engineer to help set and implement the technical strategy for securing data across its platform, including SaaS, Dedicated, and on-prem deployment models.

This role involves designing authentication and authorization frameworks, addressing data infrastructure security challenges, developing encrypted data solutions, preventing data commingling, defining protocols for ethical and secure handling of customer data, leading data sanitization initiatives, and improving data loss prevention and disaster recovery solutions.

Ideal candidates have proven experience in data security engineering and one primary programming language like Ruby, Python, NodeJS, or GoLang. Familiarity with data protection standards, analytical and problem-solving skills, and excellent communication skills are also necessary.

What you’ll do  

• Design and develop comprehensive authentication and authorization frameworks for critical data stores within our SaaS, Dedicated architectures, and other customer-facing applications (like version.gitlab.com and customers.gitlab.com).

  • Read about our architecture in our docs.

• Help address data infrastructure security challenges for on-premise deployment models.

• Ensure the overarching security of data infrastructure supporting diverse deployment/product architectures, including:

  • Relational and non-relational databases

  • Object storage (S3, Minio, etc)

  • Clickhouse (read more).

  • Git repository data (read more)

• Contribute with security improvements and reviews for Gitaly - Built and maintained by GitLab for git repository storage and retrieval at scale (read more)

• Design and develop paved roads for engineering teams for encryption of data in transit and at rest.

• Design and help implement controls to prevent the commingling of different data types, maintaining appropriate data segregation and integrity.

• Define protocols and guardrails for internal engineering and support teams when needing access to customer data, ensuring ethical and secure handling.

• Help lead initiatives for data sanitization to prevent triangulation of individual identities, ensuring privacy and compliance with data protection laws.

• Design, develop, and improve solutions for Data Loss Prevention

• Design, develop, and improve solutions for Backups and Disaster Recovery

• Collaborate across product and engineering teams to continuously improve our data security practices and policies.

What you’ll bring 

• Proven experience in data security engineering and a strong background in deploying secure data solutions across different environments (public cloud, on-prem, etc.).

• Senior-level experience in software engineering in at least one primary programming language (Ruby, Python, NodeJS, or GoLang).

• Deep understanding of authn, authz, encryption,data sanitization, data loss prevention and disaster recovery practices

• Hands-on experience with a diverse set of data technologies, including object storage, relational/non-relational databases, key-value stores, message queues, etc.

• Familiarity with regulatory compliance and data protection standards (GDPR, CCPA, FedRAMP, HIPAA, etc.).

• Strong analytical and problem-solving skills, with the ability to reason about complex data security challenges.

• Excellent communication skills, capable of working collaboratively in a fully remote, globally distributed team.