Intermediate Vulnerability Researcher, AST: Vulnerability Research

1 day, 23 hours ago
Full-time
Mid Level
Cybersecurity
GitLab

GitLab

GitLab: The comprehensive DevOps platform revolutionizing software development with automation, AI workflows, and essential tools for efficient collaboration.

Internet Software & Services
1K-5K
Founded 2014

Description

  • Carry out vulnerability research and develop proofs of concept that inform GitLab security products and internal security efforts.
  • Curate advisory databases for dependency scanning by reviewing, editing, and adding advisories while reducing repetitive manual work through automation.
  • Build benchmarks that test the efficacy of scanning and detection products across supported security categories.
  • Measure product efficacy over time and use findings to improve the quality and reliability of detection results.
  • Assess security product output and perform root cause analysis to identify gaps, false positives, false negatives, and opportunities for improvement.
  • Write detailed technical reports that document research findings, methods, and recommendations clearly.
  • Respond to internal and external questions related to vulnerabilities, advisories, and detection behavior.
  • Collaborate with Security, Development, and Product teams to apply research insights to GitLab's integrated security capabilities.

Requirements

  • Experience developing or improving vulnerability detection capabilities in web security or a closely related area.
  • Knowledge of the vulnerability management process and how research connects to product outcomes.
  • Understanding of software composition analysis and software supply chain ecosystems.
  • Experience with source code analysis, static application security testing, dynamic application security testing, and benchmarking the efficacy of security tools.
  • Knowledge of compilers and compiler design as it relates to code analysis and detection techniques.
  • Experience building automated web security testing or analysis tools.
  • Ability to contribute in a product development environment and work effectively with cross-functional partners.
  • Interest in security and open source, with openness to candidates who bring transferable experience from adjacent research, application security, or detection-focused roles.

Benefits

  • Base salary range of $98,000 to $210,000 USD for the listed U.S. level.
  • Flexible Paid Time Off.
  • Equity compensation and Employee Stock Purchase Plan.
  • Growth and Development Fund.
  • Parental leave.
  • Home office support.
  • Benefits to support health, finances, and well-being.
  • Remote work, with roles generally offered globally and some location-based eligibility requirements.
