Key skills
Open SourceRubyRuby on RailsGoRailsGitLab CIGitLabCI/CDCommunication
About this role
Role Overview
- Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection.
- Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within GitLab CI/CD.
- Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries.
- Design backend services and request paths that support allow, deny, and quarantine package policies with strong performance and reliability expectations.
- Review merge requests with a focus on security, architectural consistency, maintainability, and test quality.
- Mentor Backend Engineers across experience levels, helping raise the technical bar through design guidance, feedback, and hiring participation.
- Partner with Product, Infrastructure, Authentication, Authorization, and Security counterparts on cross-team technical decisions.
- Contribute to relevant open source and industry conversations, including working groups related to software supply chain security where appropriate.
Requirements
- Strong experience building backend applications with Ruby on Rails in a high-scale production environment.
- Professional experience with Go for backend or infrastructure-oriented services.
- A track record of leading architecture across multiple systems and influencing technical direction through strong engineering judgment.
- Experience writing clear technical proposals, request for comments documents, and decision records in an async, documentation-first environment.
- A solid security mindset and comfort working on products where trust, risk reduction, and secure defaults are central requirements.
- Familiarity with software supply chain security concepts such as build provenance, artifact signing, dependency security, or software bill of materials.
- Strong teamwork and communication skills, with the ability to work effectively across distributed teams and functions.
- Interest in GitLab's values and in building secure, scalable product capabilities that help customers ship software with confidence.
Tech Stack
- Open Source
- Ruby
- Ruby on Rails
- Go
Benefits
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental leave
- Home office support