znaidy
Войти
DevelopmentMiddle

Intermediate Vulnerability Researcher, AST: Vulnerability Research

GitLabТребуется английский

GitLab is seeking an Intermediate Vulnerability Researcher to improve vulnerability detection across Application Security Testing offerings including SAST, Secret Detection, and Composition Analysis. In this role, you'll conduct security research, develop proof of concepts, and help GitLab teams and customers achieve more accurate security results.

Задачи

  • Conduct vulnerability research and develop proof of concepts for GitLab security products
  • Curate advisory databases by reviewing, editing, and adding advisories while automating repetitive work
  • Build benchmarks to test efficacy of scanning and detection products
  • Measure product efficacy over time and improve detection quality and reliability
  • Assess security product output and perform root cause analysis to identify gaps and false positives/negatives
  • Write detailed technical reports documenting research findings and recommendations
  • Respond to internal and external questions about vulnerabilities and detection behavior
  • Collaborate with Security, Development, and Product teams to apply research insights

Требования

  • Experience developing or improving vulnerability detection capabilities in web security or related area
  • Knowledge of vulnerability management process and how research connects to product outcomes
  • Understanding of software composition analysis and software supply chain ecosystems
  • Experience with source code analysis, SAST, DAST, and benchmarking security tools efficacy
  • Knowledge of compilers and compiler design related to code analysis and detection techniques
  • Experience building automated web security testing or analysis tools
  • Ability to contribute in product development environment and work with cross-functional partners
  • Interest in security and open source with openness to transferable experience from adjacent research or application security roles

Условия

  • Flexible Paid Time Off
  • Benefits supporting health, finances, and well-being
  • Team Member Resource Groups
  • Equity Compensation and Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental leave
  • Home office support
  • Distributed, asynchronous work environment