Senior Backend Engineer, Software Supply Chain Security: Pipeline Security

Requirements

• 5+ years of backend development experience
• Strong proficiency in Ruby on Rails and its security features
• Deep understanding of CI/CD concepts and pipeline security
• Experience with secrets management and security best practices
• Strong knowledge of web application security principles
• Experience with Git and GitLab/GitHub workflows
• Excellent problem-solving and debugging skills
• Strong communication skills and ability to explain complex security concepts

What You'll Be Doing

• Technical Architecture: Design and implement security-focused features for GitLab's CI/CD pipeline infrastructure, with a focus on secrets management and SLSA compliance
• Security Implementation: Contribute to the development of GitLab's native secrets management system for CI pipelines, ensuring secure handling of sensitive information
• Code Review: Review code contributions with a security-first mindset, ensuring all new features meet our high security standards
• Secure Development: Write secure, maintainable code primarily in Ruby on Rails, with occasional work in Golang for specific components
• Technical Collaboration: Apply security best practices and participate in code reviews with a security-focused mindset
• Cross-team Collaboration: Work closely with security experts and other engineering teams to ensure best practices in secure software development
• Documentation: Write and maintain technical documentation for security features, focusing on both implementation details and security considerations
• Problem Solving: Debug and resolve complex security-related issues in production environments
• Security Architecture: Participate in design discussions and technical reviews with a focus on security implications

Nice to Haves

• N/A

Perks and Benefits

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support