Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 – basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 – daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 – you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 – exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such a level.
Security @ 4
Go @ 4
Kubernetes @ 4
Ruby @ 4
Vault @ 3
Automated Testing @ 4
CI/CD @ 4
Ruby on Rails @ 4
Hiring @ 4
Helm @ 4
Debugging @ 4
API @ 4
GraphQL @ 4
Details
GitLab is the intelligent orchestration platform for DevSecOps. This role is part of the Pipeline Security team and focuses on taking technical ownership of GitLab's native Secrets Manager (a production system built on OpenBao) to help secure sensitive credentials across GitLab CI/CD pipelines. You will work at the intersection of backend engineering and infrastructure, shaping architecture in Ruby on Rails and Go, and guiding decisions around role-based access control (RBAC), GraphQL APIs, and Kubernetes deployment configuration. The team works asynchronously across regions and collaborates closely with Product and security partners.
Responsibilities
- Build and maintain secure, readable backend code primarily in Ruby on Rails, with some development in Go for targeted components.
- Design backend architecture for complex security features, including secrets access control, pipeline security enforcement, and OpenBao integration.
- Lead development of RBAC models, GraphQL APIs, and supporting application patterns for the team's features.
- Own features end to end: technical design, implementation, deployment, validation, and production support.
- Collaborate with Product, security partners, and other engineering teams to document tradeoffs, align direction, and deliver iteratively in a distributed environment.
- Improve code quality, maintainability, security, and performance through code review and design iteration for a high-scale web environment.
- Build and maintain Helm charts (configuration, tuning, documentation, automated testing) for Kubernetes-based deployments.
- Validate features in Kubernetes environments (GitLab Cloud Native and Cloud Native Hybrid) using GitLab testing and performance testing frameworks.
Requirements
- Experience building and maintaining backend features with a focus on secure design, data handling, and production reliability.
- Ability to write production-quality code in Ruby on Rails, including use of framework security patterns and review for common application risks.
- Working knowledge of CI/CD concepts and how pipelines can be misconfigured, abused, or expose sensitive data (including GitLab CI/CD).
- Familiarity with secrets management approaches and security practices for handling credentials in CI environments; experience with tools such as HashiCorp Vault or similar systems is helpful.
- Ability to collaborate across Product and engineering teams in an asynchronous, distributed environment and communicate technical tradeoffs clearly in writing.
- Ability to review merge requests with a security-first mindset and improve solutions through feedback and iteration.
- Experience debugging production issues, including investigation of security-related behavior and proposing practical fixes.
- Openness to learning adjacent domains and tools, including Go, container security, and software supply chain security (SLSA-related work).
About the team
The Pipeline Security team builds features to make GitLab CI pipelines more secure and trustworthy. Current focus areas include native secrets management for CI pipelines and SLSA Level 3 capabilities to strengthen software supply chain security. The team uses Ruby on Rails and Go and works asynchronously across regions with Product and security partners.
Salary (United States)
- Base salary range for United States residents: $117,600 - $252,000 USD.
How GitLab will support you / Benefits
- Benefits to support health, finances, and well-being, Flexible Paid Time Off, Team Member Resource Groups, Equity Compensation & Employee Stock Purchase Plan, Growth and Development Fund, Parental leave, Home office support.
Additional notes
- The role is remote; GitLab hires in many countries but some roles may carry specific location-based eligibility requirements. The Talent Acquisition team can provide details during the recruiting process. GitLab emphasizes inclusive hiring practices and provides accommodation during recruiting when needed.