Staff Backend Engineer AST: Composition Analysis

An overview of this role

As a Staff Engineer on GitLab's Software Composition Analysis team you'll drive hands-on implementation of security features that help customers understand and manage risks in their software supply chain. Your focus will be on enhancing GitLab's SCA capabilities in dependency scanning and container scanning. You'll work directly on architecture and technical implementation and help the team push forward on three core goals: Gather (introducing data points that help customers understand the urgency of issues like reachability analysis and supply chain poisoning detection) Integrate (providing other teams with innovative collection techniques for better workflows) and Optimize (solving data correlation at massive scale). You'll contribute hands-on code help solve novel technical challenges and establish patterns that improve how the distributed team works together across multiple time zones.

Examples of some future features that you may help build: 
- Dependency scanning for unmanaged C/C++ 
- Dependency Scanning for Yocto environments 
- Vulnerability detection using CPE-based matching against package metadata

What you’ll do

• Implement complex features in dependency scanning and container scanning shipping improvements that increase scan coverage improve accuracy and drive adoption of GitLab's SCA capabilities
• Solve novel technical problems in SCA establishing reusable patterns that reduce delivery time and improve engineering effectiveness across the team
• Guide architectural and implementation decisions in collaboration with engineering managers product managers and peer engineers to improve scalability reliability and delivery outcomes across the team's SCA architecture
• Contribute code design reviews and technical mentorship that raise quality standards improve maintainability and strengthen performance across the codebase
• Collaborate across GitLab's security domain to align SCA work with related efforts in vulnerability management and adjacent product areas accelerating delivery of shared roadmap goals and improving coordination across related security efforts
• Identify and resolve technical debt prioritizing changes that improve team velocity code health and long-term maintainability across the team's core SCA services
• Translate product needs and customer feedback into technical solutions in partnership with product UX and security stakeholders delivering features that address high-impact customer risks and advance shared roadmap goals

What you’ll bring

• Hands-on experience in Software Composition Analysis and the ability to contribute to complex security features in dependency scanning and container scanning
• Deep hands-on expertise in building and evolving dependency scanning and container scanning analyzers
• Demonstrated ability to design solutions that balance complexity performance and maintainability
• Expertise with backend technologies particularly Go and/or Ruby on Rails with ability to pick up new technologies quickly
• Familiarity with cloud providers like GCP CloudFlare or AWS
• Ability to evaluate technical tradeoffs in SCA and security tooling with proven success delivering maintainable solutions that help customers manage software supply chain risk
• Ability to work effectively in distributed async-first teams across multiple time zones
• Experience explaining complex technical and security concepts to engineers and stakeholders

About the team

The Software Composition Analysis team is part of GitLab's Sec Engineering group and we focus on building capabilities that help customers identify and manage risks in their software supply chain. We work across areas including dependency scanning container scanning and license scanning and we work closely with product UX security and adjacent engineering teams to close important feature gaps in GitLab's platform. Our team members are distributed across regions including Europe and North America so we rely on clear documentation asynchronous communication and thoughtful coordination across time zones. This opportunity is centered on helping us deliver complex security features while balancing hands-on technical progress with strong team execution.

What We Do

GitLab is the Intelligent Orchestration Platform where software teams and their AI agents stay in flow to amplify their capacity for innovation. Together they automate repetitive tasks to plan build secure test deploy and maintain software. With GitLab software teams spend less time on coordination overhead and more time on the next big idea.What started in 2011 as an open source project to help one team of programmers collaborate is now the intelligent orchestration platform millions of people use to deliver software faster more efficiently while strengthening security and compliance.Since the beginning we've been firm believers in remote work open source DevSecOps and iteration. We get up and log on in the morning to work alongside the GitLab community to deliver new innovations every month that help teams and their AI agents ship great code faster.

Why Work With Us

GitLab is where careers accelerate innovation flourishes and every voice is valued. Co-create the future with us as we build technology that transforms how the world develops software.

Gallery