Software Engineering Manager, Application Security Testing: Composition Analysis & Dynamic Analysis

Responsibilities

• Lead multiple engineering teams focused on Composition Analysis (SCA) and Dynamic Analysis (DAST/fuzzing).
• Set priorities, define delivery plans, and author epics spanning both groups to deliver cohesive application security features.
• Drive initiatives such as auto-remediation for vulnerable packages, scanning unmanaged C/C++ dependencies, static reachability analysis, and snippet detection for open source dependencies.
• Improve DAST crawler efficiency, stability, and application traversal for modern web apps.
• Run agile processes across distributed teams: planning, estimation, retrospectives, and continuous improvement.
• Provide architecture guidance for scalable, reliable security scanning services and coordinate cross-team technical decisions.
• Collaborate with product, security research, and other engineering teams to align roadmaps and avoid duplication.

Requirements

• Engineering management
• Application security
• Software composition analysis
• Dynamic application testing
• API security
• Containerization knowledge
• Dependency management
• Open-source tooling
• Agile project management
• Cross-team coordination
• Architecture guidance
• Distributed teams

Preferred Qualifications

• Experience leading multiple technical teams in security, DevSecOps, or vulnerability management domains
• Practical familiarity with tools like OWASP ZAP, Trivy, or similar security scanners
• Background with auto-remediation workflows and developer-facing security UX
• Experience improving web crawlers, fuzzers, or dynamic scanners for modern web applications
• Comfortable driving technical trade-offs balancing reliability, scale, and customer needs

Benefits

• Competitive benefits package supporting health and well-being
• Paid time off and annual leave
• Health and medical insurance support
• Relocation allowance for eligible hires

About the Company

GitLab is a global open-core software company building an AI-powered DevSecOps platform used by organizations worldwide. This role is based in Dubai, UAE (hybrid) and will operate from within the UAE; you will lead distributed security engineering teams that collaborate asynchronously across time zones. GitLab embraces remote-first practices while maintaining regional hiring and on-site collaboration where required. We value transparency, inclusion, and continuous learning as we build secure, developer-friendly tooling that helps customers find and fix vulnerabilities across the software supply chain.