GitLab is seeking an Intermediate Vulnerability Research Engineer to join its Engineering department. In this role, the individual will focus on improving GitLab’s security detection capabilities within the Application Security Testing stage groups, including SAST, DAST, Secret Detection, and Composition Analysis. The Vulnerability Research Engineer will conduct research to analyze software vulnerabilities, explore exploitation methods, track new vectors, and discover novel approaches in software security, applying this knowledge to GitLab's security products and the platform itself.

What This Role Involves:

  • Conducting research and developing proofs of concept affecting GitLab's security products.
  • Curating advisory databases for dependency scanning.
  • Building benchmarks to test and improve the efficacy of scanning and detection products.
  • Measuring and improving the efficacy of scanning and detection products over time.
  • Writing detailed technical reports.
  • Assessing security product output and conducting root cause analysis.
  • Responding to internal and external customer inquiries on vulnerabilities.

Requirements:

  • 3+ years of direct experience in developing and improving vulnerability detection products in web security.
  • Knowledge of the vulnerability management process.
  • Knowledge of software composition analysis (SCA) and software supply chain ecosystems.
  • Experience with SAST, DAST, and benchmarking the efficacy of these products.
  • Knowledge of compilers and of compiler design and construction.
  • Experience in automated web security testing/analysis tools.
  • Passion for security and open source, and enjoyment of collaborating with cross-functional teams.

What GitLab Offers:

  • All remote, asynchronous work environment
  • Flexible Paid Time Off
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and development budget
  • Parental leave
  • Home office support

GitLab

GitLab is an open core software company and the developer of an AI-powered DevSecOps platform. Serving over 100,000 organizations, GitLab's mission is to enable widespread software contribution and co-creation. The company operates on its own product and is guided by its core values. GitLab fosters a culture that values contribution, collaboration, and innovation, reflected in its approach to people, products, and leadership within the industry.