Senior Security Engineer - Enterprise AI Security

We're looking for a Senior Security Engineer to lead security for GitLab's internal AI initiatives. You'll establish security frameworks for AI/ML systems used by our global workforce, ensuring responsible AI adoption while protecting against AI-specific threats.

What you'll do:

• Design AI Security Architecture: Build comprehensive security frameworks for internal AI systems, including LLMs, productivity tools, and AI-powered business applications used by GitLab team members. 
• Secure Model Context Protocol (MCP) Implementations: Monitor and secure MCP server deployments, establish authentication standards, and implement monitoring for MCP interactions across internal tools and development environments
• Manage Non-Human Identities: Architect identity management systems for AI agents, service accounts, and automated systems. Implement zero-trust principles and least-privilege access controls for machine-to-machine communications
• Govern Internal AI Tool Usage: Secure employee use of AI assistants (ChatGPT, Claude, through DLP controls, monitoring, and policy enforcement while protecting intellectual property and confidential data.
• Product & Product Security Collaboration: Work with our Product and Product Security teams as necessary on GitLab Duo and other internal use cases.
• Implement Data Protection Controls: Prevent sensitive corporate data leakage through AI systems, establish data classification frameworks, and design privacy-preserving techniques for internal AI analytics
• Drive Cross-Functional Collaboration: Partner with IT, Legal, Product, Product Security and business teams to enable secure AI adoption, provide security training, and evaluate new AI tools through procurement processes

• 5+ years information security experience with 2+ years in enterprise AI/ML security
• Deep expertise in enterprise AI adoption, shadow IT risks, and data loss prevention
• Strong experience with identity and access management, particularly non-human identity governance
• Proven experience managing service accounts, API keys, certificates, secrets management, and automated system authentication
• Proficiency in cloud security (AWS, GCP, Azure) and scripting (Python, Go, Ruby, Node.js)
• Understanding of API security, OAuth, SAML, and modern authentication protocols
• Excellent communication skills for GitLab's transparent, asynchronous, and global culture

• Experience with Model Context Protocol (MCP) and similar AI integration protocols
• Hands-on experience managing enterprise AI deployments and governance programs
• Knowledge of browser security, endpoint protection, and remote work security considerations
• Experience with Enterprise AI platforms (OpenAI, Anthropic, Google Vertex AI, AWS Bedrock, etc)
• Published research or contributions to enterprise AI security communities

How GitLab will support you

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.