Staff Backend Engineer, SSCS: Supply Chain

About the Role

The SSCS team is a critical part of Gitlab's overall security strategy, and as a Staff Backend Engineer, you will play a key role in influencing technical direction and building security features that matter to customers. Your day-to-day work will involve writing clear technical proposals, guiding implementation across interconnected parts of Gitlab, and collaborating with industry leaders to solve complex problems.

What You Will Do

• Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection.
• Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within Gitlab CI/CD.
• Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries.
• Design backend services and request paths that support allow, deny, and quarantine package policies with strong performance and reliability expectations.
• Review merge requests with a focus on security, architectural consistency, maintainability, and test quality.
• Mentor Backend Engineers across experience levels, helping raise the technical bar through design guidance, feedback, and hiring participation.
• Partner with Product, Infrastructure, and Authentication teams to ensure alignment on technical vision and strategic goals.
• Collaborate with the security team to identify and mitigate potential security threats.
• Participate in the development of technical roadmaps and strategic planning for the SSCS team.

What We Are Looking For

• 8+ years of experience in software development, with a focus on backend engineering and security.
• Strong technical leadership skills, with the ability to influence technical direction and architecture.
• Experience with cloud-based technologies, such as AWS or Google Cloud Platform.
• Strong understanding of security principles, including secure coding practices and threat modeling.
• Experience with containerization technologies, such as Docker.
• Strong communication and collaboration skills, with the ability to work effectively in a remote, asynchronous environment.
• Experience with Agile development methodologies and version control systems, such as Git.

Nice to Have

• Experience with Sigstore and other supply chain security tools.
• Knowledge of DevSecOps practices and principles.
• Experience with machine learning and artificial intelligence technologies.
• Certification in security or a related field.
• Experience with compliance frameworks, such as SOC 2 or HIPAA.

Benefits and Perks

• Competitive salary and equity package.
• Flexible, remote work environment with a stipend for home office setup.
• Generous PTO and holiday policy.
• Comprehensive health, dental, and vision insurance.
• 401(k) matching program.
• Professional development opportunities, including training and conference sponsorships.
• Access to cutting-edge technologies and tools.
• Collaborative, dynamic work environment with a team of experienced professionals.

• Focus on showcasing your technical leadership skills and experience with backend engineering and security.
• Be prepared to discuss your approach to secure coding practices and threat modeling.
• Highlight your ability to work effectively in a remote, asynchronous environment and collaborate with cross-functional teams.
• Make sure your portfolio includes examples of your work with cloud-based technologies and containerization.
• Research Gitlab's values and mission, and be prepared to discuss how your skills and experience align with them.
• Practice your communication skills, as clear and concise communication is critical in a remote work environment.