Intermediate Fullstack Engineer; Ruby), Software Supply Chain Security: Pipeline Security

Intermediate Fullstack Engineer (Ruby), Software Supply Chain Security:
Pipeline Security

Git Lab is an open core software company that develops the most comprehensive AI-powered Dev Sec Ops  Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry.

We make this possible at Git Lab by running our operations on our product and staying aligned with our values. Learn more about Life nks to products like Duo Enterprise and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier.

All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organization.

As an Intermediate Fullstack Engineer on the Pipeline Security team, you'll be at the forefront of making CI pipelines more secure and trustworthy for Git Lab users worldwide. You'll work on critical security features that directly impact how thousands of organizations handle sensitive information in their development workflows. Our team is currently focused on two major initiatives: developing Git Lab's native secrets management system for CI pipelines and implementing SLSA L3 compliance features to enhance software supply chain security.

Working with both Ruby on Rails and Vue.js, you'll help shape the security architecture of Git Lab's CI/CD infrastructure. This role offers a unique opportunity to combine deep backend development expertise with security engineering, directly contributing to making Git Lab's pipelines more secure for everyone.

• Security Implementation:
  Contribute to the development of Git Lab's native secrets management system for CI pipelines, ensuring secure handling of sensitive information
• Code Review:
  Review code contributions with a security-first mindset, ensuring all new features meet our high security standards
• Secure Development:
  Write secure, maintainable code primarily in Ruby on Rails and Vue.js
• Technical
  
  Collaboration:
  
  Apply security best practices and participate in code reviews with a security-focused mindset
• Cross-team
  
  Collaboration:
  
  Work closely with security experts and other engineering teams to ensure best practices in secure software development
• Documentation:
  Write and maintain technical documentation for security features, focusing on both implementation details and security considerations
• Problem Solving:
  Debug and resolve complex security-related issues in production environments
• Security Architecture:
  Participate in design discussions and technical reviews with a focus on security implications

• 3+ years of fullstack development experience
• Strong proficiency in Ruby on Rails and JavaScript frontend frameworks
• Excellent problem-solving and debugging skills
• Strong communication skills and ability to explain complex security concepts

• Understanding of CI/CD concepts and pipeline security
• Experience with secrets management and security best practices
• Strong knowledge of web application security principles
• Experience with Git and Git Lab/Git Hub workflows
• Experience with Golang development
• Experience with container security and Docker
• Familiarity with SLSA framework and software supply chain security
• Experience with Hashi Corp Vault or similar secrets management systems

The Pipeline Security team is responsible for making CI pipelines more secure and trustworthy for users. We're currently focused on two major initiatives that will significantly improve Git Lab's security posture: developing a native secrets management system and implementing SLSA L3 compliance features. Our work directly impacts the security of thousands of organizations' software supply chains.

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support

The base salary range for this role’s listed level is currently for residents of listed locations only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.

California/Colorado/Hawaii/New Jersey/New York/Washington/DC/Illinois/Minnesota pay range $98,000—$210,000 USD