Principal Field Security Engineer

About the Role

GitLab is seeking an experienced Principal Field Security Engineer to tackle complex customer security challenges at the intersection of technical architecture and business requirements. In this role, you'll apply deep security expertise to answer technical questions, assess contract requirements, and enable GitLab’s Sales and field organizations to address security problems for enterprise customers. You'll work directly with customers and internal teams to provide technical guidance, create security content, and help customers understand how GitLab's security controls meet their compliance and risk management needs.

What You'll Do
Customer Engagement & Assurance

• Serve as the primary security point of contact for enterprise customer questions, requests, and concerns
• Join customer and prospect meetings to provide expert guidance on GitLab’s security practices and controls in order to address security, privacy, and compliance requirements
• Build and maintain templates, playbooks, fallback positions, and training that simplify and accelerate negotiations.
• Facilitate customer assurance activities through our Customer Assurance Activities Service Desk
• Provide escalation support for complex security questionnaires, RFPs, and risk assessments

Contract & Legal Review

• Perform comprehensive contract reviews for both customer agreements and vendor relationships
• Analyze security and compliance clauses in legal documents
• Provide risk-based recommendations and remediation guidance for contractual security requirements
• Partner with Legal, Sales, Product, and Procurement teams to negotiate security-related contract terms. Manage escalations, collaborate across other teams, and develop solutions to enable team and business partners to close deals.
• Document and track contract-related security obligations

Security Evangelism & Thought Leadership

• Act as a trusted technical thought leader, developing internal and external security content such as blog posts, whitepapers, technical standards, and field sales enablement training materials.
• Keep abreast of the rapidly evolving regulatory landscape affecting our agreements. Identify, track, and facilitate solutions for security related customer trends and improvement areas
• Build and strengthen GitLab's security brand within the industry

Strategic Initiatives

• Maintain and enhance GitLab's Trust Center and self-service security resources
• Provide strategic recommendations based on customer security concerns in support of revenue growth
• Participate in Quarterly Business Reviews to inform product and security roadmap decisions
• Mentor and provide guidance to Security Assurance team members
• Drive continuous improvement of Field Security processes and documentation
• Design and implement solutions to enable Sales facing teams to successfully discuss security problems and topics with customers

What you'll bring

• 10+ years of experience in information security, with at least 5 years in customer-facing security roles
• Deep expertise in security frameworks and standards such as (SOC 2, ISO 27001, FedRAMP, GDPR, NIST, etc.)
• Proven track record of contract negotiation and security/privacy agreement reviews
• Exceptional written and verbal communication skills with ability to translate complex technical concepts for diverse audiences
• Experience creating security content (blogs, whitepapers, presentations). Experience speaking at conferences is a plus.
• Strong understanding of cloud security, SaaS security models, and DevSecOps practices
• Experience working cross-functionally with Sales, Legal, Product, and Engineering teams
• Ability to balance security risk with business objectives