Senior Backend Engineer, SSCS – Supply Chain at GitLab

Design and implement backend features across the Add-On's software supply chain security surface, including policy enforcement, artifact signing and verification, provenance attestation APIs, and malicious package detection integrations
Build and improve the package policy evaluation engine, including rule compilation, request matching, enforcement decisions, and performance-sensitive execution paths tied to GitLab's Dependency Firewall infrastructure
Develop artifact signing and verification workflows, including Sigstore and Cosign integrations
Create and evolve the configuration interfaces that enterprise security teams use, including backend APIs and the GraphQL surface
Integrate Add-On capabilities with GitLab's existing security policy framework
Collaborate with adjacent teams as malicious package intelligence is incorporated into the Add-On offering
Write and maintain comprehensive RSpec and integration test coverage
Review merge requests with a security-first mindset

Proven backend engineering experience, including production Ruby on Rails expertise
Working knowledge of Go or a clear willingness to ramp up quickly in it
Solid API design skills, including experience with REST, GraphQL, and defining clear internal service boundaries
Solid PostgreSQL fundamentals, including schema design, query optimization, and indexing strategies
Experience with Redis for caching and distributed coordination patterns
A security-aware engineering mindset, with sound judgment around trust boundaries, input validation, and failure modes
Familiarity with software supply chain security concepts such as Supply-chain Levels for Software Artifacts (SLSA), software bill of materials (SBOM), artifact signing, or related security scanning approaches
Interest in complex policy, registry, or platform problems, including areas such as rules engines, package ecosystems, cryptographic signing, or DevSecOps product development.

Senior Backend Engineer, SSCS – Supply Chain