← Zurück zur Liste
Stelle · Senior

Senior Backend Engineer (RoR/Go), SSCS: Pipeline Security

Security Engineer • Senior • Remote • Vollzeit • 📍 Remote +3

GitLab is hiring a Senior Backend Engineer for the Pipeline Security team to take technical ownership of GitLab's native Secrets Manager, a production system built on OpenBao that secures sensitive credentials across GitLab CI/CD pipelines. You will work at the intersection of backend engineering and infrastructure, shaping architecture in Ruby on Rails and Go and guiding decisions around role-based access control, GraphQL APIs and Kubernetes deployment configuration. In your first year you will help move Secrets Manager toward general availability and establish technical patterns for the team. The role offers end-to-end ownership from design through production operations.

Responsibilities

  • Build and maintain secure, readable backend code primarily in Ruby on Rails, with some development in Go for targeted components
  • Design backend architecture for complex security features, including secrets access control, pipeline security enforcement and OpenBao integration
  • Lead development of role-based access control models, GraphQL APIs and supporting application patterns
  • Own features end to end, from technical design and implementation through deployment, validation and production support
  • Collaborate with Product, security partners and other engineering teams to document tradeoffs and deliver iteratively in a distributed environment
  • Improve code quality, maintainability, security and performance through code review, design iteration and internal standards
  • Build and maintain Helm charts, including configuration, tuning, documentation and automated testing for Kubernetes-based deployments
  • Validate features in Kubernetes environments, including GitLab Cloud Native and Cloud Native Hybrid deployments

Requirements

  • Experience building and maintaining backend features with a focus on secure design, data handling and production reliability
  • Ability to write production-quality Ruby on Rails code, including framework security patterns and review for common application risks
  • Working knowledge of CI/CD concepts and the ways pipelines can be misconfigured, abused or expose sensitive data
  • Comfort collaborating across Product and engineering teams in an asynchronous, distributed environment and communicating technical tradeoffs in writing
  • Ability to review merge requests with a security-first mindset
  • Experience debugging production issues, including investigation of security-related behavior and proposing practical fixes

Nice to have

  • Familiarity with secrets management approaches and security practices for handling credentials in CI environments; experience with tools such as HashiCorp Vault is helpful
  • Openness to learning adjacent domains and tools, including Go, container security and software supply chain security

Soft skills

Security-first mindsetClear written communication in an asynchronous environmentIterative, feedback-driven collaboration

What we offer

  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation and Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental Leave
  • United States salary range: $117,600 - $252,000 USD (US residents)

About the company

GitLab is the intelligent orchestration platform for DevSecOps, trusted by more than 50 million registered users and over half of the Fortune 100. The Pipeline Security team builds features that make GitLab CI pipelines more secure, with current focus on native secrets management and SLSA Level 3 supply chain security, working across Ruby on Rails and Go in an all-remote, asynchronous culture.