Intermediate Backend Engineer, Govern: Security Policies

Remote

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform (https://about.gitlab.com/solutions/devops-platform) , used by more than 100,000 organizations. Our mission (https://about.gitlab.com/company/mission) is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations (https://about.gitlab.com/handbook/using-gitlab-at-gitlab) on our product and staying aligned with our values (https://about.gitlab.com/handbook/values) . Learn more about Life at GitLab (https://vimeo.com/gitlab/gettoknowgitlab) .

An overview of this role

Join GitLab's Security Policies team and be at the forefront of building a more secure software development lifecycle! As a Backend Engineer (https://handbook.gitlab.com/job-families/engineering/development/backend/) , you will play a crucial role in empowering organizations to define, implement, and manage security policies within GitLab. Initially, your focus will be enhancing the quality and robustness of our current feature set. This includes reducing our test gap, leading testing efforts, and developing comprehensive automated test cases. By solidifying our existing foundation, you'll be setting the stage for the future of Security Policies (https://about.gitlab.com/direction/govern/security_policies/#priorities) . Once our foundation is solid, you'll leverage your expertise to help us introduce powerful new features that give customers greater control and visibility over their security posture. You'll collaborate closely with product manager, designers, and frontend engineers to deliver a seamless and impactful user experience. If you're driven to make a real difference in the world of DevSecOps, we encourage you to apply!

Examples of our projects:

• Pipeline Execution Policies (https://docs.gitlab.com/ee/user/application_security/policies/pipeline_execution_policies.html)

• Scan Execution Policies (https://docs.gitlab.com/ee/user/application_security/policies/scan_execution_policies.html)

• Merge Request Approval Policies (https://docs.gitlab.com/ee/user/application_security/policies/scan-result-policies.html)

• External Status Checks (https://docs.gitlab.com/ee/user/project/merge_requests/status_checks.html)

What You’ll Do

• Build and enhance Security Policies features with a focus on security, performance, and robust testing.

• Take ownership of feature quality by executing manual test cases and driving improvements to the verification process.

• Partner with Product Management and Engineering to uphold rigorous quality standards.

• Champion continuous improvement in product quality, security, and performance.

• Deliver clean, maintainable code adhering to best practices for high-scale web applications.

• Provide timely and constructive code reviews, fostering a welcoming environment for community contributions.

• Proactively identify and address technical debt, optimizing team efficiency.

• Deliver features independently while excelling in collaborative environments for larger projects.

• Contribute to on-call rotations, ensuring the stability and security of GitLab operations.

What You’ll Bring

• Proven expertise (https://about.gitlab.com/job-families/engineering/backend-engineer/#professional-experience) in Ruby on Rails development.

• Proficiency in relational databases, particularly PostgreSQL.

• Ability to articulate complex technical challenges and propose well-defined, iterative solutions.

• Solid understanding of software testing principles and experience with quality assurance tasks.

• Comfort working in a highly agile, intensely iterative (https://about.gitlab.com/handbook/values/#iteration) software development process

• Effective communication skills: Regularly achieve consensus with peers (https://about.gitlab.com/handbook/values/#collaboration) , provide clear and consistent status updates, with a positive and solution-oriented mindset.

• Experience owning a project from concept to production, including proposal, discussion, and execution

• Highly organized, self-starter (https://about.gitlab.com/handbook/values/#efficiency) with strong self-management skills.

About the team

The Security Policies team is at the forefront of security policy management, building powerful tools that empower organizations to secure their software development lifecycle. They are focused on enabling automated policy enforcement, providing detailed insights into security posture, and simplifying the process of managing policies across different environments. If you are passionate about building secure and reliable software, this team offers a unique opportunity to impact how companies approach security.

Our technical roadmap is available here (https://about.gitlab.com/direction/govern/security_policies/#priorities) . In the future, we will work on improving current policy types and implementing new ones, as well as collaborate with other teams. Additional challenges we will tackle will require us to collaborate with different groups, ie. from Secure and other Govern groups. Additionally, we will enhance External Status Checks with additional features.

More information about our team:

• Engineering sub-department handbook page (https://handbook.gitlab.com/handbook/engineering/development/sec/govern/security-policies/)

• Product direction page (https://about.gitlab.com/direction/govern/security_policies/security_policy_management/)

• Priorities list (https://about.gitlab.com/direction/govern/security_policies/#priorities)

• YouTube Playlist (https://www.youtube.com/watch?v=mcDfLwORx1Q&list=PL05JrBw4t0Kq4O8RBlOKi_euwv8NyI8yt)

How GitLab will support you

• Benefits to support your health, finances, and well-being (https://about.gitlab.com/handbook/total-rewards/benefits/general-and-entity-benefits/)

• All remote (https://about.gitlab.com/company/culture/all-remote/guide/) , asynchronous (https://about.gitlab.com/company/culture/all-remote/asynchronous/) work environment

• Flexible Paid Time Off (https://about.gitlab.com/handbook/paid-time-off/)

• Team Member Resource Groups

• Equity Compensation & Employee Stock Purchase Plan (https://about.gitlab.com/handbook/stock-options/)

• Growth and development budget (https://about.gitlab.com/handbook/total-rewards/benefits/general-and-entity-benefits/#growth-and-development-benefit)

• Parental leave (https://about.gitlab.com/handbook/total-rewards/benefits/general-and-entity-benefits/#parental-leave)

• Home office (https://about.gitlab.com/handbook/finance/procurement/office-equipment-supplies/) support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups (https://about.gitlab.com/company/culture/inclusion/#examples-of-select-underrepresented-groups) are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

The base salary range for this role’s listed level is currently for residents of listed locations only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits (https://about.gitlab.com/handbook/total-rewards/benefits/general-and-entity-benefits/)_ _and equity (https://about.gitlab.com/handbook/stock-options/)_ _. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.

California/Colorado/Hawaii/New Jersey/New York/Washington/DC pay range

$98,000-$210,000USD

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.

Privacy Policy: Please review our Recruitment Privacy Policy. (https://about.gitlab.com/handbook/hiring/candidate/faq/recruitment-privacy-policy/) Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy (https://about.gitlab.com/handbook/people-policies/inc-usa/#equal-employment-opportunity-policy) and EEO is the Law (https://about.gitlab.com/handbook/labor-and-employment-notices/#eeoc-us-equal-employment-opportunity-commission-notices) . If you have a disability or special need that requires accommodation (https://about.gitlab.com/handbook/people-policies/inc-usa/#reasonable-accommodation) , please let us know during the recruiting process (https://about.gitlab.com/handbook/hiring/interviewing/#adjustments-to-our-interview-process) .