Intermediate Fullstack Engineer, SSCS: Pipeline Security (Ruby)

Requirements

• 3+ years of fullstack development experience
• Strong proficiency in Ruby on Rails and JavaScript frontend frameworks
• Excellent problem-solving and debugging skills
• Strong communication skills and ability to explain complex security concepts

Nice to Haves

• Understanding of CI/CD concepts and pipeline security
• Experience with secrets management and security best practices
• Strong knowledge of web application security principles
• Experience with Git and GitLab/GitHub workflows
• Experience with Golang development
• Experience with container security and Docker
• Familiarity with SLSA framework and software supply chain security
• Experience with HashiCorp Vault or similar secrets management systems

What You'll Be Doing

• Security Implementation: Contribute to the development of GitLab's native secrets management system for CI pipelines, ensuring secure handling of sensitive information
• Code Review: Review code contributions with a security-first mindset, ensuring all new features meet our high security standards
• Secure Development: Write secure, maintainable code primarily in Ruby on Rails and Vue.js
• Technical Collaboration: Apply security best practices and participate in code reviews with a security-focused mindset
• Cross-team Collaboration: Work closely with security experts and other engineering teams to ensure best practices in secure software development
• Documentation: Write and maintain technical documentation for security features, focusing on both implementation details and security considerations
• Problem Solving: Debug and resolve complex security-related issues in production environments
• Security Architecture: Participate in design discussions and technical reviews with a focus on security implications

Perks and Benefits

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support