Staff Backend Engineer, Software Supply Chain Security

WithMiraChecking remote IT roles

Staff Backend Engineer, Software Supply Chain Security | WithMira

Resumen del rol

Contenido del rol extraído en secciones para revisar más rápido.

Dependency Firewall for package policy enforcement across supported registries
Artifact attestation and signing using supply chain security standards and the Sigstore ecosystem

Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection.
Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within GitLab CI/CD.
Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries.
Design backend services and request paths that support allow, deny, and quarantine package policies with strong performance and reliability expectations.
Review merge requests with a focus on security, architectural consistency, maintainability, and test quality.
Mentor Backend Engineers across experience levels, helping raise the technical bar through design guidance, feedback, and hiring participation.
Partner with Product, Infrastructure, Authentication, Authorization, and Security counterparts on cross-team technical decisions.
Contribute to relevant open source and industry conversations, including working groups related to software supply chain security where appropriate.

Strong experience building backend applications with Ruby on Rails in a high-scale production environment.
Professional experience with Go for backend or infrastructure-oriented services.
A track record of leading architecture across multiple systems and influencing technical direction through strong engineering judgment.
Experience writing clear technical proposals, request for comments documents, and decision records in an async, documentation-first environment.
A solid security mindset and comfort working on products where trust, risk reduction, and secure defaults are central requirements.
Familiarity with software supply chain security concepts such as build provenance, artifact signing, dependency security, or software bill of materials.
Strong teamwork and communication skills, with the ability to work effectively across distributed teams and functions.
Interest in GitLab's values and in building secure, scalable product capabilities that help customers ship software with confidence.