Intermediate Vulnerability Researcher, AST: Vulnerability Research at GitLab

Requirements

Experience developing or improving vulnerability detection capabilities in web security or a closely related area.
Knowledge of the vulnerability management process and how research connects to product outcomes.
Understanding of software composition analysis and software supply chain ecosystems.
Experience with source code analysis, static application security testing, dynamic application security testing, and benchmarking the efficacy of security tools.
Knowledge of compilers and compiler design as it relates to code analysis and detection techniques.
Experience building automated web security testing or analysis tools.
Ability to contribute in a product development environment and work effectively with cross-functional partners.
Interest in security and open source, with openness to candidates who bring transferable experience from adjacent research, application security, or detection-focused roles.

Carry out vulnerability research and develop proof of concepts that inform GitLab security products and internal security efforts.
Curate advisory databases for dependency scanning by reviewing, editing, and adding advisories while reducing repetitive manual work through automation.
Build benchmarks that test the efficacy of scanning and detection products across supported security categories.
Measure product efficacy over time and use findings to improve the quality and reliability of detection results.
Assess security product output and perform root cause analysis to identify gaps, false positives, false negatives, and opportunities for improvement.
Write detailed technical reports that document research findings, methods, and recommendations clearly.
Respond to internal and external questions related to vulnerabilities, advisories, and detection behavior.
Collaborate with Security, Development, and Product teams to apply research insights to GitLab's integrated security capabilities.