Key skills
GolangEnvoymTLSgRPCKubernetesDatabase technologiesSolution-oriented mindsetEffective communicationCollaborationGoAIBINGINXTraefikRDSSpannerPostgresJWTGitLabService MeshAgileCommunication
About this role
GitLab is an open-core software company that develops a comprehensive AI-powered DevSecOps Platform used by over 100,000 organizations. The Senior Backend Engineer will build critical infrastructure for authentication and authorization, focusing on secure and reliable identity services while collaborating with various teams to enhance GitLab's infrastructure capabilities.
Responsibilities:
- Design and implement core components of GitLab's authentication infrastructure layer, including Envoy proxy configuration, token services, and policy decision systems
- Develop solutions for critical infrastructure challenges such as bi-directional gRPC tunnels, mutual Transport Layer Security (mTLS), and service mesh architecture
- Build and maintain authentication infrastructure that supports GitLab.com, self-managed, Dedicated, and air-gapped deployment models
- Optimize the performance and reliability of authentication and authorization decisions at scale across distributed systems
- Implement and refine monitoring, observability, and debugging capabilities for authentication services to ensure secure and stable operation
- Collaborate with Authentication, Authorization, Platform, and Infrastructure teams to align infrastructure capabilities with product and architectural requirements
- Contribute to the team’s technical direction and roadmap for secure, scalable authentication, including standards for style, maintainability, and best practices
- Represent GitLab and its values through participation in public communication, broader initiatives, and contributions to relevant open source projects
Requirements:
- Strong experience building high-performance backend services in Go, ideally in large-scale, distributed environments
- Hands-on experience with proxy and edge technologies such as Envoy, Traefik, HAProxy, or nginx, including configuration and operation in production
- Practical experience with service mesh architectures, mutual TLS (mTLS), zero-trust networking, and secure service-to-service communication patterns (gRPC, REST)
- Working knowledge of database and storage technologies such as RDS, Google Spanner, Postgres or similar, including schema design and performance considerations
- Understanding of token systems (for example JWT or Macaroons), cryptographic signing, and key management for authentication and authorization workflows
- Experience with Kubernetes, container orchestration, and cloud-native deployment patterns, including observability, monitoring, and debugging of distributed systems
- Ability to own projects from concept to production, including proposing designs, driving discussions, and delivering in a highly agile, iterative environment
- Effective written and verbal communication in English, with a collaborative, solution-oriented mindset and openness to learning from and supporting team members with diverse backgrounds and transferable skills