GitLab

Senior Product Manager, Composition Analysis and Dynamic Analysis

full-time

Posted on:

Origin: 🇺🇸 United States

Salary

💰 $127,700 - $230,600 per year

Job Level

Senior

Tech Stack

JavaScript, Python, SDLC

About the role

  • GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating human progress. Our platform unites teams and organizations, breaking down barriers and redefining what's possible in software development. Thanks to products like Duo Enterprise and Duo Agent Platform, customers get AI benefits at every stage of the SDLC.
  • The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems.
  • An overview of this role: Security is at the heart of GitLab Ultimate, and it’s a key part of our customers’ journey to produce more secure software.
  • As the Senior Product Manager for Composition Analysis & Dynamic Analysis, you'll focus on container and dependency scanning capabilities that our customers use to secure their applications. While SCA is the focus, you’ll also manage our DAST and API Security product areas. This role combines innovative security technology and iterative product development at the scale of GitLab’s global customer base.
  • You’ll drive high-visibility initiatives like Static Reachability Analysis, detection of malicious software, license compliance, and auto-remediation for vulnerable dependencies. As part of the GitLab platform, you’ll deliver results that security teams trust while serving the practical needs of developers who interact with your product every day.
  • You'll work independently to shape product strategy while collaborating with experts across GitLab. You’ll work most closely with the Composition Analysis engineering team; the Dynamic Analysis engineering team; our Vulnerability Research team; and the Sec PM team, which manages all of GitLab’s security scanning, risk management, and governance features. Your decisions will directly impact GitLab Ultimate customers and help define the future of DevSecOps.

Requirements

  • Proven experience with Application Security products, ideally including hands-on work developing or managing SCA products
  • Deep understanding of Application Security personas, including developers, security engineers, and security leadership
  • Multiple years of product management experience, preferably with enterprise software or security tools used by development teams
  • Track record of successfully managing complex technical products and driving them from concept to market
  • Experience working with large enterprise B2B customers and understanding their security, compliance, and operational needs
  • Strong analytical skills with ability to synthesize customer stories, usage data, and market research into actionable product decisions
  • Excellent written and verbal communication skills, including ability to explain complex security concepts to both technical and non-technical audiences
  • Creative problem-solving mindset with ability to iterate on complex security challenges and balance detailed execution with strategic thinking
  • Enough familiarity with code that you can understand SCA, DAST, or API Security findings, discuss detection tradeoff decisions with engineers and researchers, and create simple demonstrations

Bonus qualifications

  • Experience building AI-powered features, especially for security use cases
  • Hands-on experience in an application security, security assessment, or similar role