Role overview

Staff Backend Engineer, Software Supply Chain Security

Requirements and responsibilities

Readable role content extracted into sections for faster review.

An overview of this role

  • Dependency Firewall for package policy enforcement across supported registries
  • Artifact attestation and signing using supply chain security standards and the Sigstore ecosystem

What you’ll do

  • Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection.
  • Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within GitLab CI/CD.
  • Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries.
  • Design backend services and request paths that support allow, deny, and quarantine package policies with strong performance and reliability expectations.
  • Review merge requests with a focus on security, architectural consistency, maintainability, and test quality.
  • Mentor Backend Engineers across experience levels, helping raise the technical bar through design guidance, feedback, and hiring participation.
  • Partner with Product, Infrastructure, Authentication, Authorization, and Security counterparts on cross-team technical decisions.
  • Contribute to relevant open source and industry conversations, including working groups related to software supply chain security where appropriate.

What you’ll bring

  • Strong experience building backend applications with Ruby on Rails in a high-scale production environment.
  • Professional experience with Go for backend or infrastructure-oriented services.
  • A track record of leading architecture across multiple systems and influencing technical direction through strong engineering judgment.
  • Experience writing clear technical proposals, request for comments documents, and decision records in an async, documentation-first environment.
  • A solid security mindset and comfort working on products where trust, risk reduction, and secure defaults are central requirements.
  • Familiarity with software supply chain security concepts such as build provenance, artifact signing, dependency security, or software bill of materials.
  • Strong teamwork and communication skills, with the ability to work effectively across distributed teams and functions.
  • Interest in GitLab's values and in building secure, scalable product capabilities that help customers ship software with confidence.

How GitLab Supports Full-Time Employees

  • Benefits to support your health, finances, and well-being
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental Leave
Similar roles

Keep a backup shortlist.

Browse stack
FocusSec EngineeringRole area
Seniority signalLeadCandidate level
StackCI/CDPrimary skills
Location1 accepted countryEligibility

Stack

Use these tags to compare similar remote roles.

Location eligibility

Candidates should apply only when their profile country is listed here.

Your profileCountry not setSign in to check your country against this role.

Hiring flow

WithMira shows the role, then sends candidates to the company application.

1Check role fit, stack, and location eligibility in WithMira.
2Open the company application page from the tracked apply link.
3Save the role or subscribe for similar opportunities before leaving.
Apply on company siteCompany siteOpen link