Key skills
GoRubyRuby on RailsRailsVaultJWTGitLabCI/CDLeadershipMentoringCommunicationCollaboration
About this role
GitLab is the intelligent orchestration platform for DevSecOps, enabling organizations to enhance developer productivity and reduce security risks. They are seeking a Staff Backend Engineer focused on Secrets Management to lead the technical strategy for GitLab Secrets Manager and collaborate with cross-functional teams to ensure secure, scalable solutions for managing secrets across CI/CD pipelines.
Responsibilities:
- Lead the technical strategy for GitLab Secrets Manager, setting architecture direction for secure, multi-tenant secrets management at scale
- Own the integration between GitLab and OpenBao, including namespaces, authentication mechanisms, and policy management
- Collaborate with Pipeline Security, Authentication, and Platform teams to propose, review, and deliver cross-team secrets management improvements
- Partner with GitLab.com Infrastructure teams to ensure secrets management meets reliability, performance, and operational requirements
- Represent GitLab in the OpenBao open source project by contributing features upstream, participating in technical steering discussions, and maintaining strong technical credibility
- Mentor and advise engineers on secrets management, cryptographic systems, and secure architecture patterns, raising the quality and consistency of designs and implementations
- Interface with engineering managers and senior leadership to scope initiatives, clarify tradeoffs, and unblock delivery across teams
- Engage with customers and external stakeholders to understand real-world needs and communicate GitLab's secrets management capabilities and roadmap direction
Requirements:
- Experience designing and operating secrets management systems (for example, HashiCorp Vault, OpenBao, or cloud-native offerings), including secure storage, access control, and audit logging
- Ability to lead architecture decisions for resilient, multi-tenant services that handle secrets operations at scale, including high availability and cluster management patterns
- Working knowledge of cryptographic and key management concepts, such as encryption in transit and at rest, key derivation, and hardware security module (HSM) or PKCS#11 integrations
- Experience implementing authentication and authorization integrations, such as JSON Web Token (JWT) or OpenID Connect (OIDC), mutual Transport Layer Security (mTLS), and certificate-based authentication
- Proficiency building product integrations in Go (within the OpenBao or Vault ecosystem) and Ruby on Rails for GitLab platform integration
- Experience contributing to open source projects and working effectively with distributed governance, balancing upstream needs with product requirements
- Demonstrated ability to operate with high autonomy, drive strategy, and serve as a trusted partner to senior leaders (including constructively challenging assumptions and tradeoffs)
- Strong communication and collaboration skills to influence across teams and levels, including mentoring engineers and working in a fully remote, asynchronous environment