Senior Product Security Engineer
Halcyon
Python
Senior Security Engineer – Enterprise AI Security
GitLab
full-time
Posted on:
Location Type: Remote
Location: Remote • California, Colorado, Hawaii, Illinois, Minnesota, New Jersey, New York, Washington • 🇺🇸 United States
Visit company websiteSalary
💰 $124,300 - $239,800 per year
Job Level
Senior
Tech Stack
AWSAzureCloudGoGoogle Cloud PlatformJavaScriptNode.jsPythonRuby
About the role
- Design AI Security Architecture: Build comprehensive security frameworks for internal AI systems, including LLMs, productivity tools, and AI-powered business applications used by GitLab team members.
- Secure Model Context Protocol (MCP) Implementations: Monitor and secure MCP server deployments, establish authentication standards, and implement monitoring for MCP interactions across internal tools and development environments
- Manage Non-Human Identities: Architect identity management systems for AI agents, service accounts, and automated systems. Implement zero-trust principles and least-privilege access controls for machine-to-machine communications
- Govern Internal AI Tool Usage: Secure employee use of AI assistants (ChatGPT, Claude, through DLP controls, monitoring, and policy enforcement while protecting intellectual property and confidential data.
- Product & Product Security Collaboration: Work with our Product and Product Security teams as necessary on GitLab Duo and other internal use cases.
- Implement Data Protection Controls: Prevent sensitive corporate data leakage through AI systems, establish data classification frameworks, and design privacy-preserving techniques for internal AI analytics
- Drive Cross-Functional Collaboration: Partner with IT, Legal, Product, Product Security and business teams to enable secure AI adoption, provide security training, and evaluate new AI tools through procurement processes
Requirements
- 5+ years information security experience with 2+ years in enterprise AI/ML security
- Deep expertise in enterprise AI adoption, shadow IT risks, and data loss prevention
- Strong experience with identity and access management, particularly non-human identity governance
- Proven experience managing service accounts, API keys, certificates, secrets management, and automated system authentication
- Proficiency in cloud security (AWS, GCP, Azure) and scripting (Python, Go, Ruby, Node.js)
- Understanding of API security, OAuth, SAML, and modern authentication protocols
- Excellent communication skills for GitLab's transparent, asynchronous, and global culture
Benefits
- Benefits to support your health, finances, and well-being
- All remote, asynchronous work environment
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental leave
- Home office support
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
AI Security ArchitectureModel Context Protocol (MCP)identity management systemszero-trust principlesdata protection controlsdata classification frameworkscloud securityscriptingAPI securityauthentication protocols
Soft skills
communication skillscross-functional collaborationsecurity training
