Senior Backend Engineer (RoR), SSCS: Authorization

About the Role

The Authorization team at Gitlab is responsible for implementing fine-grained permissions, policy-as-code approaches, and performance optimizations to enable the company's move toward a zero-trust architecture. This role is an excellent opportunity for a skilled backend engineer to make a significant impact on the company's mission to increase developer productivity, improve operational efficiency, and reduce security and compliance risk.

Gitlab's high-performance culture is driven by its values and continuous knowledge exchange, enabling team members to reach their full potential while collaborating with industry leaders to solve complex problems. The company's commitment to AI-driven productivity, innovation, and impact creates a dynamic work environment that fosters growth and learning.

What You Will Do

• Implement fine-grained permission systems for Job Tokens, Personal Access Tokens, and the GitLab Duo Agent Platform, ensuring secure access to resources across the Gitlab platform.
• Collaborate with Security, Authentication, Database, and Platform teams on authorization stack initiatives, aligning designs and implementation plans to achieve seamless integration.
• Solve complex performance challenges in authorization, including query optimization, caching strategies, and database decomposition, with a focus on PostgreSQL.
• Design and evolve authorization systems that work across multiple deployment models and multi-tenant architectures, maintaining security and reliability.
• Drive improvements to authorization security, maintainability, and developer experience through code review, documentation, and technical leadership.
• Contribute to architectural decisions for authorization features, balancing immediate needs with future scalability and considering the long-term strategic view.
• Mentor and support other engineers in authorization patterns, policy-based access control, and secure coding practices in a fully remote, asynchronous environment.
• Participate in the development of next-generation authorization infrastructure, including the implementation of policy-as-code approaches and fine-grained permissions.

What We Are Looking For

• Professional experience building and maintaining large-scale authorization systems, preferably in a Ruby on Rails environment.
• Strong understanding of authorization infrastructure, policy-as-code approaches, and performance optimizations at scale.
• Experience with PostgreSQL, including query optimization and database decomposition.
• Knowledge of security principles, secure coding practices, and compliance requirements.
• Excellent communication and collaboration skills, with the ability to work effectively in a remote, asynchronous environment.
• Strong problem-solving skills, with the ability to analyze complex issues and develop creative solutions.
• Experience with code review, documentation, and technical leadership, with a focus on improving security, maintainability, and developer experience.

Nice to Have

• Experience with Gitlab's DevSecOps platform and its various deployment models.
• Knowledge of cloud-based infrastructure, including AWS or Google Cloud Platform.
• Familiarity with containerization using Docker and Kubernetes.
• Experience with agile development methodologies and version control systems, such as Git.

Benefits and Perks

• Competitive salary and benefits package, including health insurance, retirement plan, and paid time off.
• Opportunity to work with a talented team of engineers and contribute to the development of a cutting-edge DevSecOps platform.
• Flexible working hours and remote work options, with a stipend for remote work expenses.
• Access to training and development programs, including conferences, workshops, and online courses.
• Stock options and equity participation in a rapidly growing company.
• Recognition and reward programs, including bonuses and promotions based on performance.

• When applying for this role, be prepared to discuss your experience with authorization systems, policy-as-code approaches, and performance optimizations at scale.
• Highlight your understanding of security principles, secure coding practices, and compliance requirements, and be prepared to provide examples of how you've applied these principles in previous roles.
• Showcase your problem-solving skills by providing examples of complex issues you've analyzed and solved, and explain your approach to mentoring and supporting other engineers in a remote environment.
• Make sure your portfolio includes examples of your work with Ruby on Rails, PostgreSQL, and authorization infrastructure, and be prepared to discuss your experience with code review, documentation, and technical leadership.
• Research Gitlab's DevSecOps platform, its values, and its culture, and be prepared to discuss how your skills and experience align with the company's mission and goals.
• Prepare to discuss your experience with agile development methodologies, version control systems, and cloud-based infrastructure, and be ready to explain how you stay up-to-date with the latest developments in the field.