Intermediate Vulnerability Research Engineer, Application Security Testing: Vulnerability Research

Requirements

• 3+ years of direct experience in developing and improving vulnerability detection products in the context of web security.
• Knowledge of the vulnerability management process.
• Knowledge of software composition analysis (SCA) and software supply chain ecosystems.
• Experience with source code analysis, static application security testing (SAST), and dynamic application security testing (DAST) along with benchmarking experience testing the efficacy of these products.
• Knowledge about compilers, compiler design and construction.
• Experience developing automated web security testing/analysis tools.
• Experience in product development.
• You have a passion for security and open source, and enjoy collaborating with cross-functional teams.

What You'll Be Doing

• Carry out research and come up with proofs of concepts that affect the security products and GitLab, including SAST, DAST, Secret Detection and Composition Analysis.
• Curate advisory databases for dependency scanning.
• Build/develop benchmarks to test the efficacy of scanning and detection products.
• Measure and Improve the efficacy of scanning and detection products over time.
• Write detailed technical reports.
• Assess security product output results and conduct root cause analysis.
• Respond to internal and external customer inquiries on vulnerabilities.

Nice to Haves

• Experience in vulnerability detection products

Perks and Benefits

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and development budget
• Parental leave
• Home office support