GitLab

Senior Backend Engineer (RoR/Go), SSCS: Pipeline Security

Job sourced from GitLab.
Remote, US
Remote, Full-time
30 Apr 2026
Golang, DevOps (Docker / Kubernetes / CI-CD)

Job Description

As a Senior Backend Engineer on the Pipeline Security team, you'll take technical ownership of GitLab's native Secrets Manager, a production system built on OpenBao that helps secure sensitive credentials across GitLab CI/CD pipelines. This role sits at the intersection of backend engineering and infrastructure.

In your first year, you'll guide the Secrets Manager toward general availability, establish technical patterns, and lead architecture in Ruby on Rails and Go. You will have end-to-end ownership—from initial design and GraphQL API development to Kubernetes deployment configuration and production operations.

What You’ll Do

  • Secure Coding: Build and maintain secure, readable backend code primarily in Ruby on Rails, with targeted components developed in Go.

  • Architecture Design: Lead the design for complex security features, including secrets access control, OpenBao integration, and pipeline security enforcement.

  • Access Control & APIs: Develop role-based access control (RBAC) models, GraphQL APIs, and supporting application patterns.

  • Infrastructure as Code: Build and maintain Helm charts and validate features in Kubernetes environments (Cloud Native and Cloud Native Hybrid).

  • End-to-End Ownership: Manage features from design through implementation, validation, and production support.

  • Collaboration: Partner with Product and security teams to document tradeoffs and deliver features iteratively in a distributed environment.

  • Code Quality: Maintain high standards for maintainability and performance through rigorous code reviews and design iterations.

What You’ll Bring

  • Secure Design Expertise: Experience building backend features with a focus on data handling, framework security patterns, and common application risks.

  • Technical Proficiency: Proficiency in Ruby on Rails; experience with or openness to learning Go.

  • Security Context: Working knowledge of CI/CD security, specifically how pipelines can be misconfigured or abused to expose sensitive data.

  • Secrets Management: Familiarity with tools like OpenBao or HashiCorp Vault and security practices for credentials in CI environments.

  • Cloud Native Skills: Experience with Kubernetes and Helm for production-scale deployments.

  • Problem Solving: Ability to debug production issues, investigate security-related behavior, and propose practical fixes.

  • Async Communication: Excellent written communication skills for collaborating in a remote, asynchronous, and distributed team.

About the Team

The Pipeline Security team focuses on making GitLab CI pipelines more trustworthy. Current priorities include native secrets management and implementing Supply-chain Levels for Software Artifacts (SLSA) Level 3 capabilities to strengthen software supply chain security. The team works across Ruby on Rails and Go, emphasizing clear design discussions and documented decisions.

Required Skills

Golang, DevOps (Docker / Kubernetes / CI-CD)

Experience Level

Senior Level