Intermediate Vulnerability Research Engineer, Application Security Testing: Vulnerability Research
Requirements
3+ years of direct experience in developing and improving vulnerability detection products in the context of web security.
Knowledge of the vulnerability management process.
Knowledge of software composition analysis (SCA) and software supply chain ecosystems.
Experience with source code analysis, static application security testing (SAST), and dynamic application security testing (DAST), along with experience benchmarking the efficacy of these products.
Knowledge of compilers, compiler design and construction.
Experience developing automated web security testing/analysis tools.
Experience in product development.
You have a passion for security and open source, and enjoy collaborating with cross-functional teams.
What You'll Be Doing
Carry out research and come up with proofs of concept that affect the security products and GitLab, including SAST, DAST, Secret Detection and Composition Analysis.
Curate advisory databases for dependency scanning.
Build/develop benchmarks to test the efficacy of scanning and detection products.
Measure and improve the efficacy of scanning and detection products over time.
Write detailed technical reports.
Assess security product output results and conduct root cause analysis.
Respond to internal and external customer inquiries on vulnerabilities.
Nice to Haves
Experience in vulnerability detection products
Perks and Benefits
Benefits to support your health, finances, and well-being
All remote, asynchronous work environment
Flexible Paid Time Off
Team Member Resource Groups
Equity Compensation & Employee Stock Purchase Plan