Senior Product Manager, Secret Detection

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating human progress. Our platform unites teams and organizations, breaking down barriers and redefining what's possible in software development. Thanks to products like Duo Enterprise and Duo Agent Platform, customers get AI benefits at every stage of the SDLC. 

The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.

An overview of this role

As the Senior Product Manager for Secret Detection, you’ll lead the product area that helps GitLab customers avoid one of their most urgent risks: leaked secrets. You’ll own core capabilities like Secret Push Protection, Secret Validity Checks, and improved detection of passwords and other hard-to-spot secrets, shaping strategy and execution for features that must work in milliseconds and at global scale. You’ll work independently while partnering closely with the Secret Detection engineering team, the Vulnerability Research team, and other Security product managers to define the future of DevSecOps security at GitLab. In your first year, you’ll focus on expanding detection coverage for generic secrets, rethinking workflows for compromised secrets with Engineering and UX, and assessing the business potential of Secret Detection as a distinct offering, shipping products that security professionals trust and developers are happy to adopt.

Some examples of our projects:

• Secret Validity Checks – Beta 
• Secret Push Protection – GA 

What you’ll do

• Lead the product vision and roadmap for Secret Detection, with a focus on protecting customers from leaked secrets across GitLab Ultimate.
• Collaborate with customers, account teams, and field stakeholders to understand needs, validate problems, and translate them into clear product priorities.
• Drive discovery and delivery for new capabilities such as Secret Push Protection, Secret Validity Checks, and improved detection of passwords and generic secrets.
• Define and refine product requirements, user stories, and acceptance criteria for engineering, ensuring features are usable, reliable, and performant in real time.
• Partner closely with the Secret Detection engineering and Vulnerability Research teams to evolve detection techniques, rules, and accuracy, including AI-powered features.
• Work with engineering management and UX to improve workflows for compromised secrets and to iterate on the end-to-end Secret Detection user experience.
• Analyze product usage, customer feedback, and market signals to evaluate the business potential of Secret Detection and guide investment decisions.
• Collaborate with Product Marketing and Field Enablement to position Secret Detection, create enablement materials, and represent GitLab in customer meetings, webinars, and other external forums.

What you’ll bring

• Product management experience owning complex, technical products from discovery through launch, ideally in enterprise software or security tools used by development teams
• Proven experience with application security products, with practical exposure to Secret Detection or closely related security capabilities
• Understanding of key application security personas, including developers, security engineers, and security leaders, and how they evaluate and adopt products
• Experience working with large B2B customers and translating their security, compliance, and operational needs into product priorities and roadmaps
• Ability to synthesize qualitative feedback, product usage data, and market research into clear, actionable product decisions
• Strong written and verbal communication skills, with the ability to explain complex security and detection concepts to both technical and non-technical audiences
• Familiarity with code and development workflows, enabling you to understand Secret Detection findings, discuss detection tradeoffs with engineers and researchers, and create simple demonstrations
• Openness to learning, with transferable skills from related areas such as static analysis, AI-powered security features, or other application security techniques

About the team

The Secret Detection team builds and maintains the capabilities that help GitLab customers prevent, detect, and respond to leaked secrets across our DevSecOps platform. The core team includes 6 full-time engineers and 1 engineering manager, working closely with you as the Senior Product Manager and collaborating with the Vulnerability Research team on detection techniques, rules, and innovative experiments. The team works in an all-remote, asynchronous way across regions, partnering with other security product teams when secret detection is part of their features. Current focus areas include expanding coverage for hard-to-detect “generic secrets” like API tokens and passwords, rethinking workflows for compromised secrets in partnership with engineering and UX, and assessing the distinct business potential of Secret Detection as part of GitLab Ultimate.

How GitLab will support you

• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off 
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave 
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.  

Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.