Resumo da vaga

Staff Backend Engineer, Software Supply Chain Security

Requisitos e responsabilidades

Conteúdo da vaga extraído em seções para revisão mais rápida.

An overview of this role

  • Dependency Firewall for package policy enforcement across supported registries
  • Artifact attestation and signing using supply chain security standards and the Sigstore ecosystem

What you’ll do

  • Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection.
  • Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within GitLab CI/CD.
  • Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries.
  • Design backend services and request paths that support allow, deny, and quarantine package policies with strong performance and reliability expectations.
  • Review merge requests with a focus on security, architectural consistency, maintainability, and test quality.
  • Mentor Backend Engineers across experience levels, helping raise the technical bar through design guidance, feedback, and hiring participation.
  • Partner with Product, Infrastructure, Authentication, Authorization, and Security counterparts on cross-team technical decisions.
  • Contribute to relevant open source and industry conversations, including working groups related to software supply chain security where appropriate.

What you’ll bring

  • Strong experience building backend applications with Ruby on Rails in a high-scale production environment.
  • Professional experience with Go for backend or infrastructure-oriented services.
  • A track record of leading architecture across multiple systems and influencing technical direction through strong engineering judgment.
  • Experience writing clear technical proposals, request for comments documents, and decision records in an async, documentation-first environment.
  • A solid security mindset and comfort working on products where trust, risk reduction, and secure defaults are central requirements.
  • Familiarity with software supply chain security concepts such as build provenance, artifact signing, dependency security, or software bill of materials.
  • Strong teamwork and communication skills, with the ability to work effectively across distributed teams and functions.
  • Interest in GitLab's values and in building secure, scalable product capabilities that help customers ship software with confidence.

How GitLab Supports Full-Time Employees

  • Benefits to support your health, finances, and well-being
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental Leave
Vagas similares

Mantenha uma lista reserva.

Ver stack
FocoSec EngineeringÁrea da vaga
Sinal de senioridadeLeadNível do candidato
StackCI/CDSkills principais
Localização1 país aceitoElegibilidade

Stack

Use estas tags para comparar vagas remotas similares.

Elegibilidade de localização

Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.

Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.

Fluxo de contratação

O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.

1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.
Aplicar no site da empresaSite da empresaAbrir link