Key skills
GoRubyRuby on RailsRailsGraphQLKubernetesVaultHelmGitLabCI/CD
About this role
GitLab is the intelligent orchestration platform for DevSecOps, enabling organizations to increase developer productivity and improve operational efficiency. As a Senior Backend Engineer on the Pipeline Security team, you'll take technical ownership of GitLab's native Secrets Manager and work on backend engineering and infrastructure to enhance security features.
Responsibilities:
- Build and maintain secure, readable backend code primarily in Ruby on Rails, with some development in Go for targeted components
- Design backend architecture for complex security features, including secrets access control, pipeline security enforcement, and OpenBao integration
- Lead the development of role-based access control models, GraphQL APIs, and supporting application patterns for features owned by the team
- Own features end to end, from technical design and implementation through deployment, validation, and production support
- Collaborate with Product, security partners, and other engineering teams to document tradeoffs, align on direction, and deliver iteratively in a distributed environment
- Improve code quality, maintainability, security, and performance through code review, design iteration, and internal standards for a high-scale web environment
- Build and maintain Helm charts, including configuration, tuning, documentation, and automated testing for Kubernetes-based deployments
- Validate features in Kubernetes environments, including GitLab Cloud Native and Cloud Native Hybrid deployments, using GitLab testing and performance testing frameworks
Requirements:
- Experience building and maintaining backend features with a focus on secure design, data handling, and production reliability
- Ability to write production-quality code in Ruby on Rails, including use of framework security patterns and review for common application risks
- Working knowledge of CI/CD concepts and the ways pipelines can be misconfigured, abused, or expose sensitive data
- Familiarity with secrets management approaches and security practices for handling credentials in CI environments; experience with tools such as HashiCorp Vault or similar systems is helpful
- Comfort collaborating across Product and engineering teams in an asynchronous, distributed environment and communicating technical tradeoffs clearly in writing
- Ability to review merge requests with a security-first mindset and improve solutions through feedback and iteration
- Experience debugging production issues, including investigation of security-related behavior and proposing practical fixes
- Openness to learning adjacent domains and tools, including Go, container security, and software supply chain security; we welcome transferable experience from different technical backgrounds