AI Product Security Research

Join GitLab's Security Platforms & Architecture Team as a Senior AI Product Security Researcher, focusing on cutting-edge research to safeguard AI-powered DevSecOps capabilities. Work at the forefront of human/AI collaborative development, proactively identifying and validating vulnerabilities to protect millions of developers worldwide.

Job Overview

This remote role offers the opportunity to shape the future of AI security in one of the world's largest DevSecOps platforms. You will have access to innovative AI systems and collaborate with engineering teams to ensure GitLab remains the most secure software factory platform.

Key Responsibilities

• Identify and validate security vulnerabilities in GitLab's AI systems through hands-on testing and proof-of-concept exploits.
• Conduct comprehensive penetration testing of AI agent platforms, including prompt injection and workflow manipulation.
• Research emerging AI security threats and attack techniques to assess their impact.
• Design and implement methodologies and tools for evaluating AI agent and multi-agent system security.
• Create detailed technical reports and advisories with actionable remediation strategies.
• Collaborate with AI engineering teams to verify security fixes and improvements.
• Contribute to the development of AI security testing frameworks and automated tools.
• Mentor team members on AI security testing and vulnerability discovery techniques.

Requirements & Qualifications

• 5+ years of experience in security research, penetration testing, or offensive security roles with expertise in AI/ML security.
• Proven experience discovering and exploiting vulnerabilities in AI systems and platforms.
• Strong understanding of AI attack vectors such as prompt injection, agent manipulation, and workflow exploitation.
• Proficiency in Python, AI frameworks, and security testing tools.
• Ability to read and analyze code across multiple languages and codebases.
• Excellent analytical, problem-solving, and creative thinking skills.
• Exceptional written communication for documenting findings and creating advisories.
• Security certifications (OSCP, OSCE, GPEN, or similar) are a plus.
• Experience with GitLab or similar DevSecOps platforms preferred.
• Knowledge of AI agent communication protocols and multi-agent architectures.