Director, Product Security Architecture
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation.
What this role actually needs.
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. Responsibilities: - Lead, develop, and mentor a team of Product Security Architects and closely-aligned specialists who are dedicated to major product functional areas (e.g., Sec Section, AI, Core DevOps) - Own and continuously evolve the Product Security Architecture strategy and partnership model, shifting architects from embedded consultants to accelerators of secure architecture delivery, and serve as a strategic partner to Product and Engineering Directors/VPs - Oversee and mature the Product Security Risk Register , ensuring systemic product security risks are clearly articulated, prioritized with Product and Engineering, and paired with multi-quarter risk reduction plans that reduce long-term product security debt. - Operate Product Security Architecture in a risk-aligned, business-enabling way that focuses Security Architects on the highest-impact, hardest-to-change architectural decisions, helping teams make clear, informed tradeoffs without slowing delivery. - Define and drive security visions, standards, “paved roads,” and secure-by-default platform behaviors and configurations that enable product teams to make sound security decisions with minimal overhead, including evolving existing behaviors over time to strengthen the baseline security posture. - Lead the Product Security AI strategy for scaling, including adoption of AI-assisted and platform-level investments that expand security review coverage, reduce toil, and support non-linear developer gains while enabling developer velocity. Requirements: - Maximize risk reduction by identifying strategic opportunities that fit naturally into existing R&D work - Ensure that material product security risks and tradeoffs are surfaced, acknowledged, and decided at the right leadership levels - Lead SPA/AppSec scaling strategies that increase coverage and support non-linear developer gains, with a clear focus on enabling developer velocity with minimal friction - Lead, develop, and mentor a team of Product Security Architects and closely-aligned specialists who are dedicated to major product functional areas (e.g., Sec Section, AI, Core DevOps) - Own and continuously evolve the Product Security Architecture strategy and partnership model, shifting architects from embedded consultants to accelerators of secure architecture delivery, and serve as a strategic partner to Product and Engineering Directors/VPs - Oversee and mature the Product Security Risk Register , ensuring systemic product security risks are clearly articulated, prioritized with Product and Engineering, and paired with multi-quarter risk reduction plans that reduce long-term product security debt. Company context: GitLab is the all-remote DevSecOps platform spanning source code, CI/CD, security, and AI-assisted development.
Day-to-day expectations
Gitlab lists these responsibilities for the Director, Product Security Architecture role.
- Lead, develop, and mentor a team of Product Security Architects and closely-aligned specialists who are dedicated to major product functional areas (e.g., Sec Section, AI, Core DevOps)
- Own and continuously evolve the Product Security Architecture strategy and partnership model, shifting architects from embedded consultants to accelerators of secure architecture delivery, and serve as a strategic partner to Product and Engineering Directors/VPs
- Oversee and mature the Product Security Risk Register , ensuring systemic product security risks are clearly articulated, prioritized with Product and Engineering, and paired with multi-quarter risk reduction plans that reduce long-term product security debt.
- Operate Product Security Architecture in a risk-aligned, business-enabling way that focuses Security Architects on the highest-impact, hardest-to-change architectural decisions, helping teams make clear, informed tradeoffs without slowing delivery.
- Define and drive security visions, standards, “paved roads,” and secure-by-default platform behaviors and configurations that enable product teams to make sound security decisions with minimal overhead, including evolving existing behaviors over time to strengthen the baseline security posture.
- Lead the Product Security AI strategy for scaling, including adoption of AI-assisted and platform-level investments that expand security review coverage, reduce toil, and support non-linear developer gains while enabling developer velocity.
What a strong candidate brings
These requirements are extracted from the source listing and normalized for UpJobz readers.
- Maximize risk reduction by identifying strategic opportunities that fit naturally into existing R&D work
- Ensure that material product security risks and tradeoffs are surfaced, acknowledged, and decided at the right leadership levels
- Lead SPA/AppSec scaling strategies that increase coverage and support non-linear developer gains, with a clear focus on enabling developer velocity with minimal friction
- Lead, develop, and mentor a team of Product Security Architects and closely-aligned specialists who are dedicated to major product functional areas (e.g., Sec Section, AI, Core DevOps)
- Own and continuously evolve the Product Security Architecture strategy and partnership model, shifting architects from embedded consultants to accelerators of secure architecture delivery, and serve as a strategic partner to Product and Engineering Directors/VPs
- Oversee and mature the Product Security Risk Register , ensuring systemic product security risks are clearly articulated, prioritized with Product and Engineering, and paired with multi-quarter risk reduction plans that reduce long-term product security debt.
Why this listing is more than a copied job post.
Director, Product Security Architecture is framed against UpJobz source checks, country scope, compensation visibility, and work-authorization signals so candidates can make a faster go/no-go decision.
Canada tech market
Canada roles on UpJobz are filtered for high-tech relevance, source freshness, and actionable employer detail before they are allowed into SEO surfaces.
Compensation read
The employer source does not expose a reliable salary range, so candidates should ask for compensation early instead of waiting until late-stage interviews.
Work authorization read
Current extracted signal: Open to TN, H-1B, and OPT candidates already in the United States. UpJobz treats this as a search signal, not legal advice, and links visa-sensitive roles back to the relevant visa hub where possible.
Location read
Because this is remote, country scope and time-zone expectations matter as much as the title. Confirm the employer's allowed work locations on job-boards.greenhouse.io.
Browse similar jobs
Turn this listing into an application plan.
This is the first pass at the premium UpJobz layer: a fast brief that helps serious applicants move with more clarity.
Next moves
- Tailor your resume around ai and llm instead of sending a generic application.
- Use the first two bullets of your application to connect your background directly to director, product security architecture is a high-signal remote role in remote (canada), and it is most realistic for open to tn, h-1b, and opt candidates already in the united states.
- Open the role quickly if it fits and bookmark three similar jobs before you leave the page.
Interview themes
Watchouts
- Compensation is hidden, so get range clarity in the first recruiter conversation.
- Use open to tn, h-1b, and opt candidates already in the united states as part of your positioning so the recruiter does not have to infer it.
- Lead with distributed collaboration, async delivery, and timezone discipline.
Keywords to match against your background
Use these terms to decide whether your resume, portfolio, and recent projects line up with the role.
Apply through the employer source
Open the source listing from job-boards.greenhouse.io, confirm the role is still active, then apply on the employer or ATS page.
Source: job-boards.greenhouse.io · Source ID: 8461323002 · Confidence: 90/100 · Last checked: May 7, 2026
How UpJobz verifies job sourcesContinue browsing tech jobs