Senior Backend Engineer (RoR), AST: Secret Detection

## About the Role As a Senior Backend Engineer on the Secret Detection team at Gitlab, you will be responsible for designing and implementing backend features that prevent leaked secrets from reaching production. This role is crucial in ensuring the security and integrity of Gitlab's DevSecOps platform, which is used by over 50 million registered users and more than 50% of the Fortune 100. You will work closely with product management and engineering peers in an async-first environment, focusing on building services, scanning workflows, and remediation paths.

The Secret Detection team is dedicated to protecting sensitive data, and your work will contribute to the full secret management lifecycle. This includes push protection, pipeline-based scanning, validation, and auditability, ensuring that developers can move quickly without taking on avoidable security risk. Your day-to-day responsibilities will involve collaborating with cross-functional teams, guiding the design and implementation of backend features, and improving detection quality.

Gitlab's values of innovation, collaboration, and security will be essential in this role. You will be expected to incorporate AI into your daily workflows to drive efficiency, innovation, and impact. The company's high-performance culture is driven by continuous knowledge exchange, enabling team members to reach their full potential while collaborating with industry leaders to solve complex problems.

## What You Will Do - Guide the design and implementation of backend features for Gitlab Secret Detection in Ruby on Rails, GraphQL, and Go.

• Build clean, well-tested, maintainable code that meets Gitlab standards for reliability and performance.
• Partner with product management and engineering peers to deliver backend capabilities that improve detection, validation, remediation, and audit trail coverage.
• Improve detection quality by reducing false positives, strengthening secret validation workflows, and enabling faster, more effective remediation paths.
• Contribute to code reviews, RFCs, and proof of concepts to shape technical direction.
• Collaborate with the product management team to define and prioritize project requirements.
• Work closely with the engineering team to ensure seamless integration of backend features.
• Participate in the development of technical roadmaps and project plans.
• Stay up-to-date with industry trends and emerging technologies in security and backend engineering.
• Develop and maintain technical documentation for backend features and services.
• Troubleshoot and resolve complex technical issues related to secret detection and backend systems.

## What We Are Looking For - 5+ years of experience in backend engineering with a focus on security.

• Strong proficiency in Ruby on Rails, GraphQL, and Go.
• Experience with secret management and detection tools.
• Solid understanding of security principles and best practices.
• Excellent problem-solving skills and attention to detail.
• Ability to work in an async-first environment and collaborate with remote teams.
• Strong communication and interpersonal skills.
• Experience with Agile development methodologies and version control systems (e.g., Git).
• Bachelor's degree in Computer Science, Engineering, or a related field.

## Nice to Have - Experience with AI-powered tools and technologies.

• Knowledge of DevSecOps practices and principles.
• Familiarity with cloud-based infrastructure and services (e.g., AWS, Azure).
• Certification in security or a related field (e.g., CISSP, CEH).
• Experience with containerization (e.g., Docker) and orchestration (e.g., Kubernetes).

## Benefits and Perks - Competitive salary and equity package.

• Comprehensive health, dental, and vision insurance.
• Flexible paid time off and remote work options.
• Access to cutting-edge technologies and tools.
• Opportunities for professional growth and career development.
• Collaborative and dynamic work environment.
• Recognition and reward programs for outstanding performance.
• Employee assistance programs and mental health support.

- Tip: When applying, make sure to highlight your experience with Ruby on Rails, GraphQL, and Go, as well as your understanding of security principles and best practices.

• To stand out, include examples of your work on secret detection and management projects, and demonstrate your ability to collaborate with cross-functional teams.
• Prepare to talk about your experience with Agile development methodologies, version control systems, and cloud-based infrastructure.
• Be ready to discuss your approach to troubleshooting complex technical issues and your experience with technical documentation.
• When negotiating salary, consider the company's competitive equity package and comprehensive benefits, and be prepared to discuss your expectations.
• Red flag: Be cautious if the company lacks a clear commitment to security and DevSecOps principles, or if the team seems unclear about the role's responsibilities and expectations.