GitLab
Staff Backend Engineer, Software Supply Chain Security
Vaga remota de Sec Engineering com fit claro de localização do candidato.
PublicadaAdicionada recentemente
Países elegíveis1 país aceito
Sinal de senioridadeLead
Modelo de trabalhoRemoto
Locais aceitos para candidatos
Índia
Resumo da vaga
Staff Backend Engineer, Software Supply Chain Security
Requisitos e responsabilidades
Conteúdo da vaga extraído em seções para revisão mais rápida.
An overview of this role
- Dependency Firewall for package policy enforcement across supported registries
- Artifact attestation and signing using supply chain security standards and the Sigstore ecosystem
What you’ll do
- Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection.
- Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within GitLab CI/CD.
- Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries.
- Design backend services and request paths that support allow, deny, and quarantine package policies with strong performance and reliability expectations.
- Review merge requests with a focus on security, architectural consistency, maintainability, and test quality.
- Mentor Backend Engineers across experience levels, helping raise the technical bar through design guidance, feedback, and hiring participation.
- Partner with Product, Infrastructure, Authentication, Authorization, and Security counterparts on cross-team technical decisions.
- Contribute to relevant open source and industry conversations, including working groups related to software supply chain security where appropriate.
What you’ll bring
- Strong experience building backend applications with Ruby on Rails in a high-scale production environment.
- Professional experience with Go for backend or infrastructure-oriented services.
- A track record of leading architecture across multiple systems and influencing technical direction through strong engineering judgment.
- Experience writing clear technical proposals, request for comments documents, and decision records in an async, documentation-first environment.
- A solid security mindset and comfort working on products where trust, risk reduction, and secure defaults are central requirements.
- Familiarity with software supply chain security concepts such as build provenance, artifact signing, dependency security, or software bill of materials.
- Strong teamwork and communication skills, with the ability to work effectively across distributed teams and functions.
- Interest in GitLab's values and in building secure, scalable product capabilities that help customers ship software with confidence.
How GitLab Supports Full-Time Employees
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental Leave
Vagas similares
Mantenha uma lista reserva.
Stack
Use estas tags para comparar vagas remotas similares.
Elegibilidade de localização
Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.
Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.
Fluxo de contratação
O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.
1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.