GitLab

Senior Backend Engineer, Pipeline Security

GitLab

full-time

Posted on:

Location Type: Remote

Location: United States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

CloudGoGraphQLKubernetesRubyRuby on RailsVault

About the role

  • Build and maintain secure, readable backend code primarily in Ruby on Rails, with some development in Go for targeted components.
  • Design backend architecture for complex security features, including secrets access control, pipeline security enforcement, and OpenBao integration.
  • Lead the development of role-based access control models, GraphQL APIs, and supporting application patterns for features owned by the team.
  • Own features end to end, from technical design and implementation through deployment, validation, and production support.
  • Collaborate with Product, security partners, and other engineering teams to document tradeoffs, align on direction, and deliver iteratively in a distributed environment.
  • Improve code quality, maintainability, security, and performance through code review, design iteration, and internal standards for a high-scale web environment.
  • Build and maintain Helm charts, including configuration, tuning, documentation, and automated testing for Kubernetes-based deployments.
  • Validate features in Kubernetes environments, including GitLab Cloud Native and Cloud Native Hybrid deployments, using GitLab testing and performance testing frameworks.

Requirements

  • Experience building and maintaining backend features with a focus on secure design, data handling, and production reliability.
  • Ability to write production-quality code in Ruby on Rails, including use of framework security patterns and review for common application risks.
  • Working knowledge of CI/CD concepts and the ways pipelines can be misconfigured, abused, or expose sensitive data.
  • Familiarity with secrets management approaches and security practices for handling credentials in CI environments; experience with tools such as HashiCorp Vault or similar systems is helpful.
  • Comfort collaborating across Product and engineering teams in an asynchronous, distributed environment and communicating technical tradeoffs clearly in writing.
  • Ability to review merge requests with a security-first mindset and improve solutions through feedback and iteration.
  • Experience debugging production issues, including investigation of security-related behavior and proposing practical fixes.
  • Openness to learning adjacent domains and tools, including Go, container security, and software supply chain security; we welcome transferable experience from different technical backgrounds.
Benefits
  • Benefits to support your health, finances, and well-being
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental leave
  • Home office support
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Ruby on RailsGoGraphQLKubernetesCI/CDHelmsecrets managementcode reviewproduction debuggingsecurity patterns
Soft Skills
collaborationcommunicationleadershipproblem-solvingiterationdocumentationasynchronous workfeedbackadaptabilitylearning