
Draft: Create a division-wide standard for "Principal Security Engineer" role

Why is this change being made?

This MR proposes working across the Security division to refine our definition of a "Principal Security Engineer" and to document this in the appropriate handbook locations.

The reasons for doing this are as follows:

  • A Principal Engineer is equivalent to a Senior Manager role, meaning the engineer would have responsibilities spanning at least an entire sub-department. The definitions that exist today seem to be narrowly focused on individual departments.
  • Security has recently been moved out of Engineering, and our current definitions of Principal roles may need to evolve with new ways of operating.
  • There has been some confusion on how exactly this role will work, who they will report to, how many we can have in the department, etc. Hopefully we can use this process to add clarity.
  • We now have a Principal Engineer in our division, and we can use their experience to help with this process.

The text in this initial commit is a draft meant to continue an internal conversation. There are probably mistakes in this first draft - incorrect assumptions, items lacking clarity, etc. Let's use this MR to work through all of this and come up with a standard we can use across the Security division.

It is likely that this MR will cause us to rethink both the Staff and Distinguished roles as well, and we may end up pulling items from one into another.

We currently have a Principal Security Engineer defined across the following groups. After this is merged, we may want to update those to reference this new description.

Author Checklist

  • Provided a concise title for this Merge Request (MR)
  • Added a description to this MR explaining the reasons for the proposed change, per say why, not just what
    • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added, and the content is SAFE
  • Assign reviewers for this MR to the correct Directly Responsible Individual/s (DRI)
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the Maintained by section on the page being edited
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies
    • The when to get approval handbook section explains the workflow in more detail
  • If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR
    • If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.

Edited by Chris Moberly
