Intermediate Vulnerability Research Engineer, Application Security Testing: Vulnerability Research - Remote

Overview

You'll be at the forefront of our R&D efforts within our Engineering department in this role. You’ll be expected to focus on improving GitLab’s security detection capabilities in our Application Security Testing stage groups. This includes SAST, DAST, Secret Detection and Composition Analysis, and future products.

In Short

• Carry out research and come up with proofs of concepts that affect the security products and GitLab.
• Curate advisory databases for dependency scanning.
• Build/develop benchmarks to test the efficacy of scanning and detection products.
• Measure and Improve the efficacy of scanning and detection products over time.
• Write detailed technical reports.
• Assess security product output results and conduct root cause analysis.
• Respond to internal and external customer inquiries on vulnerabilities.

Requirements

• 3+ years of direct experience in developing and improving vulnerability detection products.
• Knowledge of the vulnerability management process.
• Knowledge of software composition analysis and software supply chain ecosystems.
• Experience with source code analysis, SAST, and DAST.
• Knowledge about compilers, compiler design and construction.
• Experience developing automated web security testing/analysis tools.
• Experience in product development.
• Passion for security and open source.

Benefits

• Benefits to support your health, finances, and well-being.
• All remote, asynchronous work environment.
• Flexible Paid Time Off.
• Team Member Resource Groups.
• Equity Compensation & Employee Stock Purchase Plan.
• Growth and development budget.
• Parental leave.
• Home office support.