GitLab

Staff Backend Engineer, AST: Composition Analysis

Job sourced from GitLab.
Remote, US
Remote, Full-time
30 Apr 2026
Cloud (AWS / Azure / GCP), Golang

Job Description

As a Staff Engineer on GitLab's Software Composition Analysis (SCA) team, you'll drive hands-on implementation of security features that help customers understand and manage risks in their software supply chain. Your focus will be on enhancing GitLab's SCA capabilities in dependency scanning and container scanning.

You'll work directly on architecture and technical implementation, helping the team push forward on three core goals:

  • Gather: Introducing data points that help customers understand the urgency of issues (e.g., reachability analysis, supply chain poisoning detection).

  • Integrate: Providing other teams with innovative collection techniques for better workflows.

  • Optimize: Solving data correlation at massive scale.

Future features you may help build:

  • Dependency scanning for unmanaged C/C++.

  • Dependency scanning for Yocto environments.

  • Vulnerability detection using CPE-based matching against package metadata.

What You’ll Do

  • Feature Implementation: Implement complex features in dependency and container scanning to increase coverage, improve accuracy, and drive adoption.

  • Problem Solving: Solve novel technical problems in SCA, establishing reusable patterns that reduce delivery time and improve engineering effectiveness.

  • Architectural Guidance: Guide implementation decisions in collaboration with PMs and peer engineers to improve scalability and reliability.

  • Code & Quality: Contribute code, design reviews, and technical mentorship that raise quality standards and improve maintainability.

  • Cross-Domain Collaboration: Align SCA work with related efforts in vulnerability management and adjacent product areas.

  • Technical Debt: Identify and resolve technical debt, prioritizing changes that improve team velocity and code health.

  • Stakeholder Partnership: Translate product needs and customer feedback into technical solutions addressing high-impact customer risks.

What You’ll Bring

  • Security Expertise: Hands-on experience in Software Composition Analysis (SCA) and deep expertise in building/evolving dependency and container scanning analyzers.

  • Technical Proficiency: Expertise in backend technologies, particularly Go and/or Ruby on Rails, with the ability to pick up new technologies quickly.

  • Solution Design: Demonstrated ability to design solutions that balance complexity, performance, and maintainability.

  • Cloud Familiarity: Familiarity with cloud providers like GCP, Cloudflare, or AWS.

  • Tradeoff Evaluation: Ability to evaluate technical tradeoffs in security tooling to help customers manage supply chain risk effectively.

  • Communication: Experience explaining complex technical and security concepts to stakeholders and working effectively in distributed, async-first teams.

About the Team

The SCA team is part of GitLab's Sec Engineering group. We focus on building capabilities (dependency, container, and license scanning) that help customers manage risks in their software supply chain. Our team members are distributed across regions including Europe and North America, relying on clear documentation and asynchronous communication.

Compensation & Benefits

  • United States Salary Range: $131,600 - $282,000 USD

  • (Note: This range reflects the base salary for US residents. Grade and salary are determined by experience, skills, and geographic location. Sales roles may be eligible for incentive pay.)

How GitLab Supports Full-Time Employees:

  • Benefits to support health, finances, and well-being.

  • Flexible Paid Time Off.

  • Equity Compensation & Employee Stock Purchase Plan.

  • Growth and Development Fund.

  • Parental leave and Home office support.

Diversity & Inclusion Statistics

GitLab maintains transparency regarding its workforce composition to ensure an equitable environment. According to recent public disclosures:

  • Women in the Workforce: Approximately 33% of GitLab team members identify as women.

  • Underrepresented Groups (US): In the United States, approximately 15-18% of the workforce identifies with underrepresented racial or ethnic groups (including Black, Hispanic/Latinx, and Indigenous groups).

  • Hiring Commitment: Studies show that individuals from underrepresented groups are less likely to apply unless they meet 100% of the requirements. GitLab encourages all excited candidates to apply.

Required Skills

Cloud (AWS / Azure / GCP), Golang

Experience Level

Senior Level