
Staff Backend Engineer, Supply Chain
Posted May 22

This is a fully remote position, open to applicants in India.
• Establish and guide the technical architecture for the SSCS Add-On, which encompasses backend systems for package policy enforcement, provenance generation, artifact signing, and detection of malicious packages.
• Oversee the design and implementation of Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 functionalities within GitLab CI/CD.
• Design architecture for integrations with Sigstore services like Cosign, Fulcio, and Rekor, including methods for signing workflows, verification, and trust boundaries.
• Create backend services and request paths that facilitate allow, deny, and quarantine package policies, ensuring high performance and reliability standards.
• Evaluate merge requests with an emphasis on security, architectural coherence, maintainability, and quality of testing.
• Provide mentorship to Backend Engineers of varying experience levels, enhancing the technical standards through design advice, constructive feedback, and involvement in hiring processes.
• Collaborate with stakeholders from Product, Infrastructure, Authentication, Authorization, and Security on cross-team technical decisions.
• Engage in pertinent open-source and industry discussions, including participation in working groups focused on software supply chain security when applicable.
• Extensive experience in developing backend applications utilizing Ruby on Rails in a high-scale production setting.
• Professional experience with Go for backend or infrastructure-focused services.
• Proven history of leading architectural initiatives across multiple systems and shaping technical direction through sound engineering judgment.
• Experience in authoring clear technical proposals, request for comments documents, and decision records in an asynchronous, documentation-centric environment.
• A robust security mindset and comfort in working on products where trust, risk mitigation, and secure defaults are essential requirements.
• Understanding of software supply chain security concepts, including build provenance, artifact signing, dependency security, or software bill of materials.
• Excellent teamwork and communication skills, with the capability to collaborate effectively across distributed teams and functions.
• A strong interest in GitLab's values and in developing secure, scalable product functionalities that enable customers to release software confidently.
• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support