Intermediate Backend Engineer, Govern: Security Policies

An overview of this role

Join GitLab's Security Policies team and be at the forefront of building a more secure software development lifecycle! As a Backend Engineer, you will play a crucial role in empowering organizations to define, implement, and manage security policies within GitLab. Initially, your focus will be enhancing the quality and robustness of our current feature set. This includes reducing our test gap, leading testing efforts, and developing comprehensive automated test cases. By solidifying our existing foundation, you'll be setting the stage for the future of Security Policies. Once our foundation is solid, you'll leverage your expertise to help us introduce powerful new features that give customers greater control and visibility over their security posture. You'll collaborate closely with product manager, designers, and frontend engineers to deliver a seamless and impactful user experience. If you're driven to make a real difference in the world of DevSecOps, we encourage you to apply!

Examples of our projects:

• Pipeline Execution Policies
• Scan Execution Policies
• Merge Request Approval Policies
• External Status Checks

What You’ll Do  

• Build and enhance Security Policies features with a focus on security, performance, and robust testing.
• Take ownership of feature quality by executing manual test cases and driving improvements to the verification process.
• Partner with Product Management and Engineering to uphold rigorous quality standards.
• Champion continuous improvement in product quality, security, and performance.
• Deliver clean, maintainable code adhering to best practices for high-scale web applications.
• Provide timely and constructive code reviews, fostering a welcoming environment for community contributions.
• Proactively identify and address technical debt, optimizing team efficiency.
• Deliver features independently while excelling in collaborative environments for larger projects.
• Contribute to on-call rotations, ensuring the stability and security of GitLab operations.

What You’ll Bring 

• Proven expertise in Ruby on Rails development.
• Proficiency in relational databases, particularly PostgreSQL.
• Ability to articulate complex technical challenges and propose well-defined, iterative solutions.
• Solid understanding of software testing principles and experience with quality assurance tasks.
• Comfort working in a highly agile, intensely iterative software development process
• Effective communication skills: Regularly achieve consensus with peers, provide clear and consistent status updates, with a positive and solution-oriented mindset.
• Experience owning a project from concept to production, including proposal, discussion, and execution
• Highly organized, self-starter with strong self-management skills.

About the team

The Security Policies team is at the forefront of security policy management, building powerful tools that empower organizations to secure their software development lifecycle. They are focused on enabling automated policy enforcement, providing detailed insights into security posture, and simplifying the process of managing policies across different environments. If you are passionate about building secure and reliable software, this team offers a unique opportunity to impact how companies approach security.

Our technical roadmap is available here. In the future, we will work on improving current policy types and implementing new ones, as well as collaborate with other teams. Additional challenges we will tackle will require us to collaborate with different groups, ie. from Secure and other Govern groups. Additionally, we will enhance External Status Checks with additional features.

More information about our team:

• Engineering sub-department handbook page
• Product direction page
• Priorities list
• YouTube Playlist

How GitLab will support you

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and development budget 
• Parental leave 
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.