Senior Backend Engineer (RoR), AST: Secret Detection
Verified Employer: GitLab
Job Description
As a Backend Engineer on the Secret Detection team, you'll help protect sensitive data by building services and scanning workflows that prevent leaked secrets from reaching production. You will contribute to the full secret management lifecycle, including push protection, pipeline-based scanning, validation, and auditability.
This role focuses on the backend systems powering Secret Detection across GitLab’s DevSecOps platform. You will work closely with product management and engineering peers in an async-first environment to improve detection quality, reduce false positives, and strengthen remediation paths.
Examples of our projects:
Secret Push Protection: Preventing secret leaks in source code before they are committed.
Findings Verification: Building systems to verify the validity of detected secrets.
What You’ll Do
Design & Implementation: Guide the development of backend features using Ruby on Rails, GraphQL, and Go.
Code Quality: Build maintainable, well-tested code that meets GitLab’s standards for high-scale performance and reliability.
Detection Lifecycle: Improve detection, validation, and audit trail coverage to help developers mitigate exposed secrets effectively.
Detection Quality: Reduce false positives and enable faster remediation paths for exposed credentials and API keys.
Technical Leadership: Contribute to code reviews, RFCs, and proof-of-concept work to guide technical approaches.
Operational Excellence: Diagnose performance issues, identify technical debt, and implement scalability improvements.
What You’ll Bring
Backend Proficiency: Experience building services with Ruby on Rails and a working knowledge of GraphQL.
Security Mindset: Knowledge of security concepts, common vulnerabilities, and secure coding practices.
Relevant Background: Experience with security tools, specifically in areas related to code scanning or secret detection.
Production Experience: Ability to design and deliver secure, maintainable systems for production web applications at scale.
Performance Tuning: Experience investigating and improving backend reliability and efficiency.
Collaborative Skills: Ability to work cross-functionally with product, design, and technical writing in a remote, async-first environment.
Growth Orientation: Willingness to grow into the Go stack and adjacent security domains.
About the Team
The Secret Detection team builds the systems that help developers identify and mitigate exposed secrets. We work across Rails and Go services and are globally distributed, relying heavily on asynchronous communication. Our current focus is expanding coverage across the secret management lifecycle and improving the quality of detection findings.
Experience Level
Senior Level