Senior Product Manager, Secret Detection

An overview of this role

As the Senior Product Manager for Secret Detection, you’ll lead the product area that helps GitLab customers avoid one of their most urgent risks: leaked secrets. You’ll own core capabilities like Secret Push Protection, Secret Validity Checks, and improved detection of passwords and other hard-to-spot secrets, shaping strategy and execution for features that must work in milliseconds and at global scale. You’ll work independently while partnering closely with the Secret Detection engineering team, the Vulnerability Research team, and other Security product managers to define the future of DevSecOps security at GitLab. In your first year, you’ll focus on expanding detection coverage for generic secrets, rethinking workflows for compromised secrets with Engineering and UX, and assessing the business potential of Secret Detection as a distinct offering, shipping products that security professionals trust and developers are happy to adopt.

Some examples of our projects:

• Secret Validity Checks – Beta 
• Secret Push Protection – GA 

What you’ll do

• Lead the product vision and roadmap for Secret Detection, with a focus on protecting customers from leaked secrets across GitLab Ultimate.
• Collaborate with customers, account teams, and field stakeholders to understand needs, validate problems, and translate them into clear product priorities.
• Drive discovery and delivery for new capabilities such as Secret Push Protection, Secret Validity Checks, and improved detection of passwords and generic secrets.
• Define and refine product requirements, user stories, and acceptance criteria for engineering, ensuring features are usable, reliable, and performant in real time.
• Partner closely with the Secret Detection engineering and Vulnerability Research teams to evolve detection techniques, rules, and accuracy, including AI-powered features.
• Work with engineering management and UX to improve workflows for compromised secrets and to iterate on the end-to-end Secret Detection user experience.
• Analyze product usage, customer feedback, and market signals to evaluate the business potential of Secret Detection and guide investment decisions.
• Collaborate with Product Marketing and Field Enablement to position Secret Detection, create enablement materials, and represent GitLab in customer meetings, webinars, and other external forums.

What you’ll bring

• Product management experience owning complex, technical products from discovery through launch, ideally in enterprise software or security tools used by development teams
• Proven experience with application security products, with practical exposure to Secret Detection or closely related security capabilities
• Understanding of key application security personas, including developers, security engineers, and security leaders, and how they evaluate and adopt products
• Experience working with large B2B customers and translating their security, compliance, and operational needs into product priorities and roadmaps
• Ability to synthesize qualitative feedback, product usage data, and market research into clear, actionable product decisions
• Strong written and verbal communication skills, with the ability to explain complex security and detection concepts to both technical and non-technical audiences
• Familiarity with code and development workflows, enabling you to understand Secret Detection findings, discuss detection tradeoffs with engineers and researchers, and create simple demonstrations
• Openness to learning, with transferable skills from related areas such as static analysis, AI-powered security features, or other application security techniques

About the team

The Secret Detection team builds and maintains the capabilities that help GitLab customers prevent, detect, and respond to leaked secrets across our DevSecOps platform. The core team includes 6 full-time engineers and 1 engineering manager, working closely with you as the Senior Product Manager and collaborating with the Vulnerability Research team on detection techniques, rules, and innovative experiments. The team works in an all-remote, asynchronous way across regions, partnering with other security product teams when secret detection is part of their features. Current focus areas include expanding coverage for hard-to-detect “generic secrets” like API tokens and passwords, rethinking workflows for compromised secrets in partnership with engineering and UX, and assessing the distinct business potential of Secret Detection as part of GitLab Ultimate.