Developer, Security Specialist
Please see the job description: https://about.gitlab.com/jobs/developer/#security-...
- Technical Skills
- Ability to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).
- Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
- Knowledge of browser-based security controls such as CSP, HSTS, XFO.
- Experience with standard web application security tools such as Arachni, Brakeman, and Burp Suite.
- Code quality
- Proactively identifying and reducing security risks.
- Finding and removing outdated and vulnerable code and code libraries.
- Consult with other developers and product managers to analyze and propose application security standards, methods, and architectures.
- Handle communications with independent vulnerability researchers and design appropriate mitigation strategies for reported vulnerabilities.
- Educate other developers on secure coding best practices.
- Ability to professionally handle communications with outside researchers, users, and customers.
- Ability to communicate clearly on technical issues.
- Performance & Scalability
- An understanding of how to write code that is not only secure but scales to a large number of users and systems.