Intermediate Vulnerability Researcher, AST: Vulnerability Research

GitLab
Development
Remote Full-time Posted 1d ago

Job Description

As an Intermediate Vulnerability Researcher at GitLab, you will play a key role in enhancing how we detect and understand software vulnerabilities. Your work will support our Application Security Testing offerings and help improve security for our users.

About the Role

In this position, you will help improve GitLab's detection capabilities in Static Application Security Testing (SAST), Secret Detection, and Composition Analysis (SCA). You will research vulnerabilities, develop proofs of concept, and provide insights that lead to practical improvements in our security products.

What You'll Do

  • Conduct vulnerability research and develop proofs of concept to inform GitLab's security products.
  • Curate advisory databases for dependency scanning by reviewing and adding advisories, while automating repetitive tasks.
  • Create benchmarks to test the effectiveness of our scanning and detection products.
  • Measure product efficacy over time and use findings to enhance detection quality.
  • Perform root cause analysis on security product outputs to identify gaps and opportunities for improvement.
  • Write clear technical reports documenting your research findings and recommendations.
  • Respond to inquiries related to vulnerabilities and detection behavior.
  • Collaborate with Security, Development, and Product teams to apply your research insights.

What We're Looking For

  • Experience in developing or improving vulnerability detection capabilities in web security or a related area.
  • Knowledge of the vulnerability management process and its connection to product outcomes.
  • Understanding of software composition analysis and software supply chain ecosystems.
  • Experience with source code analysis, static and dynamic application security testing, and benchmarking security tools.
  • Familiarity with compilers and compiler design as it relates to code analysis.
  • Experience building automated web security testing or analysis tools.
  • Ability to work effectively in a product development environment with cross-functional teams.
  • Interest in security and open source, with openness to candidates from adjacent research or detection-focused roles.

Nice to Have

While not required, any additional experience or knowledge in related fields will be considered a plus.

What We Offer

The base salary range for this role is $98,000 - $210,000 USD, depending on experience and location. This range reflects the base salary rate for residents of the United States and does not include bonuses, equity, or benefits.

  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental leave
  • Home office support

We encourage candidates with varying levels of experience to apply. Many successful candidates do not meet every single requirement. If you are excited about this role, please apply and let our recruiters assess your application.

GitLab is an equal opportunity workplace. We do not tolerate discrimination or harassment based on any characteristic protected by law. If you need accommodation during the recruiting process, please let us know.
