Engineering Manager, AST: Composition Analysis

Remote $81k–$138k middle 2 months ago full-time quality 8.1/10
application securitycloud securitysoftware composition analysiscontainerization technologiespackage managersdependency management systemsopen source security tooling
  • Lead engineers across the Composition Analysis team, setting clear priorities and expectations.
  • Drive key security initiatives, including auto-remediation of vulnerable software packages, scanning unmanaged C/C++ dependencies, static reachability analysis, and snippet detection for open source dependencies.
  • Balance priorities and resources across the Composition Analysis team to ensure sustainable delivery and high-quality outcomes.
  • Author and maintain project plans for epics within the Composition Analysis team, aligning work, identifying dependencies, and ensuring quality delivery.
  • Run agile project management processes for the Composition Analysis team, including planning, estimation, and continuous improvement of delivery practices.
  • Provide guidance on the architecture of software composition analysis solutions, ensuring they are robust, scalable, and effective.
  • Collaborate closely with the Composition Analysis team to ensure consistent, high-quality approaches to application security across GitLab's platform.
  • Background leading multiple technical teams or groups, ideally in application security or cloud security.
  • Practical understanding of software composition analysis, including how to assess and manage risks in application dependencies.
  • Familiarity with containerization technologies, package managers, and dependency management systems.
  • Experience working with or around open source security tooling (for example, Syft, Grype, Trivy, or similar tools).
  • Ability to plan and run agile project management processes for the Composition Analysis team, including coordinating priorities and dependencies.
  • Skill in guiding product and architecture decisions for security scanning tools, balancing technical constraints with customer needs.
  • Openness to candidates with transferable experience in security engineering, DevSecOps, or vulnerability management who are motivated to grow in application security leadership.

Similar jobs

Before you apply

  • Legitimate employers never ask you to pay anything to apply or get hired.
  • Never share seed phrases or private keys. No real job needs them.
  • Do not install software ("test tasks", "trading tools", "video call clients") sent during hiring.
  • Check that the application page's domain really belongs to GitLab.