Senior Product Manager - Static Analysis (SAST)
An overview of this role
Security is at the heart of GitLab Ultimate, and SAST is a key part of our customers’ journey to produce more secure software.
As the Senior Product Manager for Static Analysis, you'll be responsible for GitLab’s code scanning products. You’ll focus primarily on SAST, and you’ll also maintain Infrastructure as Code Scanning and Code Quality. This role combines cutting-edge security technology and iterative product development at the scale of GitLab’s global customer base.
You'll drive high-visibility initiatives like GitLab Advanced SAST, real-time SAST in the IDE, and our AI-powered GitLab Duo Vulnerability Resolution. The challenge? Balancing the technical complexity of static analysis with the practical needs of developers and security teams who rely on these tools daily.
You'll work independently to shape product strategy while collaborating with experts across GitLab. You’ll work most closely with the Static Analysis engineering team, with years of experience in SAST R&D; our innovative Vulnerability Research team; and the rest of the Sec PM team, which manages all of GitLab’s security scanning, risk management, and governance features. Your decisions will directly impact GitLab Ultimate customers and help define the future of DevSecOps.
Here are some examples of our recent releases:
PHP support for Advanced SAST (release announcement)
Expanded CWE support in GitLab Duo Vulnerability Resolution (release announcement)
Significantly improved detection accuracy in Python, Go, and Java (epic)
Multi-core Advanced SAST scanning (release announcement)
What you’ll do
Work directly with customers and account teams to understand what our customers need.
Be the primary voice of SAST users and buyers in our Product team.
Combine metrics, customer stories, research, and your own knowledge to identify and prioritize the highest-impact work.
Craft requirements for new features.
Discover opportunities to improve existing capabilities—including in related product areas where you’ll collaborate with other product teams—and deliver them to users.
Clearly articulate GitLab’s current and future capabilities for SAST and related areas.
Represent GitLab in contexts like customer meetings, industry conferences, webinars, and our public issue tracker.
Collaborate with Product Marketing and Field Enablement to equip our Field teams with knowledge and messaging about your product area.
As a Senior Product Manager, you’ll work closely with your counterparts, but you’ll be responsible for initiating, shaping, and driving projects independently.
What you’ll bring
Proven experience with Application Security products, ideally including hands-on work developing or managing SAST products
Deep understanding of Application Security personas, including developers, security engineers, and security leadership
Multiple years of product management experience, preferably with enterprise software or security tools used by development teams
Track record of successfully managing complex technical products and driving them from concept to market
Experience working with large enterprise B2B customers and understanding their security, compliance, and operational needs
Strong analytical skills with ability to synthesize customer stories, usage data, and market research into actionable product decisions
Excellent written and verbal communication skills, including ability to explain complex security concepts to both technical and non-technical audiences
Creative problem-solving mindset with ability to iterate on complex security challenges and balance detailed execution with strategic thinking
Enough familiarity with code that you can understand SAST findings, discuss detection tradeoff decisions with engineers and researchers, and create simple demonstrations
Bonus qualifications
Knowledge of static analysis, program analysis, formal verification, or related security techniques
Experience building AI-powered features, especially for security use cases
How GitLab will support you
Home office support
Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.
The base salary range for this role’s listed level is currently for residents of listed locations only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.
California/Colorado/Hawaii/New Jersey/New York/Washington/DC/Illinois/Minnesota pay range
$127,700—$230,600 USD
About the job
Apply for this position
Senior Product Manager - Static Analysis (SAST)
An overview of this role
Security is at the heart of GitLab Ultimate, and SAST is a key part of our customers’ journey to produce more secure software.
As the Senior Product Manager for Static Analysis, you'll be responsible for GitLab’s code scanning products. You’ll focus primarily on SAST, and you’ll also maintain Infrastructure as Code Scanning and Code Quality. This role combines cutting-edge security technology and iterative product development at the scale of GitLab’s global customer base.
You'll drive high-visibility initiatives like GitLab Advanced SAST, real-time SAST in the IDE, and our AI-powered GitLab Duo Vulnerability Resolution. The challenge? Balancing the technical complexity of static analysis with the practical needs of developers and security teams who rely on these tools daily.
You'll work independently to shape product strategy while collaborating with experts across GitLab. You’ll work most closely with the Static Analysis engineering team, with years of experience in SAST R&D; our innovative Vulnerability Research team; and the rest of the Sec PM team, which manages all of GitLab’s security scanning, risk management, and governance features. Your decisions will directly impact GitLab Ultimate customers and help define the future of DevSecOps.
Here are some examples of our recent releases:
PHP support for Advanced SAST (release announcement)
Expanded CWE support in GitLab Duo Vulnerability Resolution (release announcement)
Significantly improved detection accuracy in Python, Go, and Java (epic)
Multi-core Advanced SAST scanning (release announcement)
What you’ll do
Work directly with customers and account teams to understand what our customers need.
Be the primary voice of SAST users and buyers in our Product team.
Combine metrics, customer stories, research, and your own knowledge to identify and prioritize the highest-impact work.
Craft requirements for new features.
Discover opportunities to improve existing capabilities—including in related product areas where you’ll collaborate with other product teams—and deliver them to users.
Clearly articulate GitLab’s current and future capabilities for SAST and related areas.
Represent GitLab in contexts like customer meetings, industry conferences, webinars, and our public issue tracker.
Collaborate with Product Marketing and Field Enablement to equip our Field teams with knowledge and messaging about your product area.
As a Senior Product Manager, you’ll work closely with your counterparts, but you’ll be responsible for initiating, shaping, and driving projects independently.
What you’ll bring
Proven experience with Application Security products, ideally including hands-on work developing or managing SAST products
Deep understanding of Application Security personas, including developers, security engineers, and security leadership
Multiple years of product management experience, preferably with enterprise software or security tools used by development teams
Track record of successfully managing complex technical products and driving them from concept to market
Experience working with large enterprise B2B customers and understanding their security, compliance, and operational needs
Strong analytical skills with ability to synthesize customer stories, usage data, and market research into actionable product decisions
Excellent written and verbal communication skills, including ability to explain complex security concepts to both technical and non-technical audiences
Creative problem-solving mindset with ability to iterate on complex security challenges and balance detailed execution with strategic thinking
Enough familiarity with code that you can understand SAST findings, discuss detection tradeoff decisions with engineers and researchers, and create simple demonstrations
Bonus qualifications
Knowledge of static analysis, program analysis, formal verification, or related security techniques
Experience building AI-powered features, especially for security use cases
How GitLab will support you
Home office support
Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.
The base salary range for this role’s listed level is currently for residents of listed locations only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.
California/Colorado/Hawaii/New Jersey/New York/Washington/DC/Illinois/Minnesota pay range
$127,700—$230,600 USD