Senior Backend Engineer, SSCS: Supply Chain
WFA Digital Insight
As the demand for secure software development grows, companies like GitLab are leading the charge. With a 25% increase in remote tech jobs in 2025, skilled backend engineers are in high demand. GitLab's commitment to AI-driven innovation and secure software delivery makes this role an exciting opportunity for those passionate about DevSecOps. Before applying, candidates should be aware of the high level of responsibility and expertise required for this founding role on a small team.
Job Description
About the Role
The Senior Backend Engineer role at GitLab is a founding position on a small team responsible for developing the company's dedicated software supply chain security Add-On. This commercial offering enables organizations to control what software enters their builds, verify the integrity of what they ship, and identify malicious packages before they reach production. As a Senior Backend Engineer, you will work across a set of connected backend systems that support package policy enforcement, artifact signing and verification, provenance attestation, and malicious package intelligence.
Day-to-day, you will collaborate closely with a Staff Backend Engineer on architecture and partner with other engineers to deliver secure, reliable features for enterprise customers with complex supply chain security needs. Your expertise in Ruby on Rails will be essential in driving the development of this Add-On. The role is well suited to someone who wants to combine solid backend skills with deep technical problems in security, platform design, and product development.
GitLab's all-remote, asynchronous environment provides the perfect setting for self-motivated and disciplined engineers who thrive in a fast-paced, innovative space.
What You Will Do
- Design and implement backend features across the Add-On's software supply chain security surface, including policy enforcement, artifact signing and verification, provenance attestation APIs, and malicious package detection integrations.
- Build and improve the package policy evaluation engine, including rule compilation, request matching, enforcement decisions, and performance-sensitive execution paths tied to GitLab's Dependency Firewall infrastructure.
- Develop artifact signing and verification workflows, including Sigstore and Cosign integrations, signing key lifecycle management, keyless signing with OpenID Connect (OIDC), and policy-based promotion gates.
- Create and evolve the configuration interfaces that enterprise security teams use to manage their software supply chain security.
- Collaborate with the Staff Backend Engineer on architecture and technical decisions that impact the Add-On's development.
- Work closely with other engineers to deliver secure, reliable features for enterprise customers.
- Participate in code reviews and contribute to the improvement of the codebase.
- Stay up-to-date with industry trends and emerging technologies in software supply chain security.
What We Are Looking For
- 5+ years of experience in backend engineering, preferably with Ruby on Rails.
- Deep understanding of software supply chain security principles and practices.
- Strong expertise in API design, testing, performance, and security.
- Experience with artifact signing and verification workflows, including Sigstore and Cosign integrations.
- Knowledge of DevSecOps practices and tools, such as GitLab's Dependency Firewall infrastructure.
- Excellent communication and collaboration skills, with the ability to work effectively in a remote, asynchronous environment.
- Strong problem-solving skills and attention to detail.
Nice to Have
- Experience with cloud-based technologies, such as AWS or Google Cloud.
- Familiarity with containerization using Docker and Kubernetes.
- Knowledge of security frameworks and compliance standards, such as PCI-DSS or HIPAA.
- Experience with agile development methodologies and version control systems, such as Git.
Benefits and Perks
- Competitive salary and equity package.
- Comprehensive health, dental, and vision insurance.
- Generous PTO and holiday policy.
- Remote work stipend and flexible working hours.
- Professional development opportunities, including conference sponsorships and training programs.
- Access to cutting-edge technologies and innovative projects.
How to Stand Out
- Showcase your expertise in Ruby on Rails and software supply chain security principles in your resume and cover letter.
- Prepare to discuss your experience with API design, testing, performance, and security during the interview process.
- Highlight your ability to work effectively in a remote, asynchronous environment and collaborate with distributed teams.
- Be ready to provide examples of your problem-solving skills and attention to detail in your previous roles.
- Research GitLab's values and mission to demonstrate your understanding of the company culture and how you can contribute to it.
- Practice whiteboarding exercises to improve your coding skills and prepare for technical interviews.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.