Software Engineering Manager, Application Security Testing: Composition Analysis & Dynamic Analysis
GitLab
Software Engineering Manager, Application Security Testing: Composition Analysis & Dynamic Analysis
Job Description
About this Role
Lead innovative teams at GitLab, the pioneer of the AI-powered DevSecOps platform revolutionizing software development worldwide.
Empower everyone to contribute and co-create the software that drives human progress through our comprehensive security solutions.
As Engineering Manager for Composition Analysis and Dynamic Analysis, shape the future of application security scanning.
Guide engineers building cutting-edge capabilities in software composition analysis, container scanning, and dynamic testing.
Drive exciting initiatives like auto-remediation of vulnerabilities and advanced DAST crawler enhancements for modern web apps.
Join a high-performance culture where AI amplifies productivity, innovation thrives, and every voice shapes our mission.
Balance complex roadmaps to deliver cohesive, end-to-end security experiences that customers trust and rely on.
Collaborate with industry leaders to solve intricate security challenges in the software supply chain.
Accelerate your career in a values-driven environment fostering continuous learning and asynchronous global teamwork.
Co-create the future by making security reliable, scalable, and seamlessly integrated into the DevSecOps lifecycle.
Locations
- United States (Remote)
Salary
Salary details available upon request
280,000 - 450,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Software composition analysisintermediate
- Dynamic application security testing (DAST)intermediate
- API security testingintermediate
- Container scanningintermediate
- Fuzz testingintermediate
- Agile project managementintermediate
- Dependency management systemsintermediate
- Package managersintermediate
- Open source security tools (OWASP ZAP, Trivy)intermediate
- Security product architectureintermediate
Required Qualifications
- Background leading multiple technical teams or groups, ideally in application security (experience)
- Practical understanding of software composition analysis and dependency risk management (experience)
- Knowledge of dynamic application security testing (DAST), API security, and web app testing (experience)
- Familiarity with containerization technologies, package managers, and dependency systems (experience)
- Experience with open source security tools like OWASP ZAP or Trivy (experience)
- Ability to plan and run agile processes across multiple teams (experience)
- Skill in guiding product and architecture decisions for security tools (experience)
- Openness to transferable experience from security engineering or DevSecOps (experience)
- Proven experience coordinating priorities and dependencies in engineering teams (experience)
- Strong motivation to grow in application security leadership (experience)
Preferred Qualifications
- Deep expertise in fuzz testing methodologies (experience)
- Experience with static reachability analysis (experience)
- Knowledge of scanning unmanaged C/C++ dependencies (experience)
- Familiarity with snippet detection for open source components (experience)
- Background in auto-remediation workflows for vulnerabilities (experience)
- Advanced skills in DAST crawler optimization (experience)
- Experience scaling security solutions in DevSecOps platforms (experience)
- Proficiency in AI integration for security workflows (experience)
- Track record of improving security tool reliability and coverage (experience)
- Leadership in cross-functional security product development (experience)
Responsibilities
- Lead engineers across Composition Analysis and Dynamic Analysis groups
- Set clear priorities and expectations for security-focused teams
- Drive initiatives like auto-remediation and static reachability analysis
- Improve DAST crawler efficiency, stability, and web app coverage
- Balance priorities and resources across multiple engineering teams
- Author project plans for epics spanning both groups
- Run agile processes including planning, estimation, and improvements
- Provide architecture guidance for scalable security products
- Collaborate to ensure consistent application security approaches
- Coordinate work to deliver cohesive end-to-end security experiences
Benefits
- general: Competitive base salary with market-aligned compensation
- general: Equity compensation and Employee Stock Purchase Plan
- general: Flexible Paid Time Off policy
- general: Comprehensive health, dental, and vision benefits
- general: Generous parental leave support
- general: Home office equipment and setup allowance
- general: Growth and Development Fund for professional advancement
- general: Team Member Resource Groups for inclusion and belonging
- general: AI productivity tools integrated into daily workflows
- general: Continuous learning through knowledge exchange programs
Tags & Categories
Software Engineering Manager, Application Security Testing: Composition Analysis & Dynamic Analysis
GitLab
Software Engineering Manager, Application Security Testing: Composition Analysis & Dynamic Analysis
Job Description
About this Role
Lead innovative teams at GitLab, the pioneer of the AI-powered DevSecOps platform revolutionizing software development worldwide.
Empower everyone to contribute and co-create the software that drives human progress through our comprehensive security solutions.
As Engineering Manager for Composition Analysis and Dynamic Analysis, shape the future of application security scanning.
Guide engineers building cutting-edge capabilities in software composition analysis, container scanning, and dynamic testing.
Drive exciting initiatives like auto-remediation of vulnerabilities and advanced DAST crawler enhancements for modern web apps.
Join a high-performance culture where AI amplifies productivity, innovation thrives, and every voice shapes our mission.
Balance complex roadmaps to deliver cohesive, end-to-end security experiences that customers trust and rely on.
Collaborate with industry leaders to solve intricate security challenges in the software supply chain.
Accelerate your career in a values-driven environment fostering continuous learning and asynchronous global teamwork.
Co-create the future by making security reliable, scalable, and seamlessly integrated into the DevSecOps lifecycle.
Locations
- United States (Remote)
Salary
Salary details available upon request
280,000 - 450,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Software composition analysisintermediate
- Dynamic application security testing (DAST)intermediate
- API security testingintermediate
- Container scanningintermediate
- Fuzz testingintermediate
- Agile project managementintermediate
- Dependency management systemsintermediate
- Package managersintermediate
- Open source security tools (OWASP ZAP, Trivy)intermediate
- Security product architectureintermediate
Required Qualifications
- Background leading multiple technical teams or groups, ideally in application security (experience)
- Practical understanding of software composition analysis and dependency risk management (experience)
- Knowledge of dynamic application security testing (DAST), API security, and web app testing (experience)
- Familiarity with containerization technologies, package managers, and dependency systems (experience)
- Experience with open source security tools like OWASP ZAP or Trivy (experience)
- Ability to plan and run agile processes across multiple teams (experience)
- Skill in guiding product and architecture decisions for security tools (experience)
- Openness to transferable experience from security engineering or DevSecOps (experience)
- Proven experience coordinating priorities and dependencies in engineering teams (experience)
- Strong motivation to grow in application security leadership (experience)
Preferred Qualifications
- Deep expertise in fuzz testing methodologies (experience)
- Experience with static reachability analysis (experience)
- Knowledge of scanning unmanaged C/C++ dependencies (experience)
- Familiarity with snippet detection for open source components (experience)
- Background in auto-remediation workflows for vulnerabilities (experience)
- Advanced skills in DAST crawler optimization (experience)
- Experience scaling security solutions in DevSecOps platforms (experience)
- Proficiency in AI integration for security workflows (experience)
- Track record of improving security tool reliability and coverage (experience)
- Leadership in cross-functional security product development (experience)
Responsibilities
- Lead engineers across Composition Analysis and Dynamic Analysis groups
- Set clear priorities and expectations for security-focused teams
- Drive initiatives like auto-remediation and static reachability analysis
- Improve DAST crawler efficiency, stability, and web app coverage
- Balance priorities and resources across multiple engineering teams
- Author project plans for epics spanning both groups
- Run agile processes including planning, estimation, and improvements
- Provide architecture guidance for scalable security products
- Collaborate to ensure consistent application security approaches
- Coordinate work to deliver cohesive end-to-end security experiences
Benefits
- general: Competitive base salary with market-aligned compensation
- general: Equity compensation and Employee Stock Purchase Plan
- general: Flexible Paid Time Off policy
- general: Comprehensive health, dental, and vision benefits
- general: Generous parental leave support
- general: Home office equipment and setup allowance
- general: Growth and Development Fund for professional advancement
- general: Team Member Resource Groups for inclusion and belonging
- general: AI productivity tools integrated into daily workflows
- general: Continuous learning through knowledge exchange programs
Tags & Categories