Intermediate Vulnerability Researcher, AST: Vulnerability Research

Requirements

• Experience developing or improving vulnerability detection capabilities in web security or a closely related area.
• Knowledge of the vulnerability management process and how research connects to product outcomes.
• Understanding of software composition analysis and software supply chain ecosystems.
• Experience with source code analysis, static application security testing, dynamic application security testing, and benchmarking the efficacy of security tools.
• Knowledge of compilers and compiler design as it relates to code analysis and detection techniques.
• Experience building automated web security testing or analysis tools.
• Ability to contribute in a product development environment and work effectively with cross-functional partners.
• Interest in security and open source, with openness to candidates who bring transferable experience from adjacent research, application security, or detection-focused roles.

What you'll be doing

• Carry out vulnerability research and develop proof of concepts that inform GitLab security products and internal security efforts.
• Curate advisory databases for dependency scanning by reviewing, editing, and adding advisories while reducing repetitive manual work through automation.
• Build benchmarks that test the efficacy of scanning and detection products across supported security categories.
• Measure product efficacy over time and use findings to improve the quality and reliability of detection results.
• Assess security product output and perform root cause analysis to identify gaps, false positives, false negatives, and opportunities for improvement.
• Write detailed technical reports that document research findings, methods, and recommendations clearly.
• Respond to internal and external questions related to vulnerabilities, advisories, and detection behavior.
• Collaborate with Security, Development, and Product teams to apply research insights to GitLab's integrated security capabilities.

Perks and Benefits

• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support