GitLab

Senior Fullstack Engineer, AST: Secret Detection (Ruby)

Remote

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Software Development, Cybersecurity, DevSecOps

Position Overview


GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab.

Thanks to products like Duo Enterprise and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organisation.

As a member of the Secret Detection team, you'll be at the forefront of protecting sensitive data by creating specialized tools that prevent, detect, and remediate leaked secrets in code. Our team focuses on the complete secret management lifecycle - from push protection to pipeline-based scanning, providing automated remediation workflows and audit trails when necessary. We’re passionate about embedding security into the development process seamlessly, allowing developers to focus on innovation while we handle security concerns proactively.

You'll help developers safeguard their credentials, API keys, and other sensitive information by building sophisticated detection patterns, reducing false positives, and creating seamless remediation paths when secrets are discovered. Your work will enable organizations to quickly identify exposed secrets, understand their impact, and efficiently revoke and rotate compromised credentials.

Your impact will be significant and far-reaching, as our solutions protect both GitLab's ecosystem and the sensitive data of thousands of organizations worldwide, preventing costly data breaches before they happen.

Some examples of our projects:

  • Prevent secret leaks in source code with GitLab Secret Push Protection
  • Verify validity of secret detection findings

Responsibilities

  • Lead the design and implementation of fullstack features for our Secret Detection offering, contributing to both the frontend (Vue.js) and backend (Ruby on Rails, GraphQL).
  • Write clean, well-tested code that meets our internal standards for style, maintainability, and best practices for a high-scale web environment.
  • Mentor and support fellow engineers, especially those looking to grow into fullstack contributors.
  • Collaborate with Product Management and other stakeholders within Engineering (Frontend, UX, etc.) to maintain a high bar for quality in a fast-paced, iterative environment.
  • Experience with performance and optimization problems and a demonstrated ability to both diagnose and prevent these problems.
  • Contribute to code reviews, RFCs, and Proof-of-Concepts that shape the technical direction of the product.
  • Recognize impediments to our efficiency as a team ("technical debt"), propose and implement solutions.
  • Work async-first with a globally distributed team, while also participating in necessary sync meetings like high level planning, engineering brainstorming sessions and pairing sessions.

Requirements

  • 3+ years of professional experience with Vue.js, GraphQL, and Ruby on Rails.
  • Proven ability to mentor engineers, lead technical initiatives, and drive frontend and fullstack best practices.
  • Knowledge of security concepts, vulnerabilities, mitigation techniques, and secure coding practices is preferred.
  • Background in developing or using security tools or products.
  • Hands-on experience.

Skills

Ruby
Security
Secret Detection
Automated Remediation
Pipeline Scanning
Detection Patterns
False Positives Reduction

GitLab

Unified DevOps platform for software development

About GitLab

GitLab offers a DevOps platform that simplifies the software development process by providing a single application for collaboration, visibility, and speed. The platform integrates various tools needed for software development, which helps teams manage their projects more efficiently without juggling multiple tools. This allows companies to concentrate on enhancing their products instead of spending too much time on builds. GitLab serves a wide range of clients, including large corporations from different industries, demonstrating its versatility. The company operates on a subscription-based model, where clients pay for access to the platform, which includes features for continuous integration and deployment. GitLab also provides free trials and regularly updates its platform to deliver ongoing value to its users. By customizing its offerings and partnering with other technology providers, GitLab aims to enhance its ecosystem and drive revenue.

Headquarters: San Francisco, California
Year Founded: 2014
Total Funding: $421.8M
Company Stage: IPO
Industries: Consulting, Enterprise Software
Employees: 1,001-5,000

Benefits

Spending Company Money
Equity Compensation
Life Insurance
Financial Wellness
Paid Time Off
Growth and Development Benefit
GitLab Contribute
Business Travel Accident Policy
Immigration
Employee Assistance Program
Incentives
All-Remote
Part-time contracts
Meal Train
Fertility & Family Planning
Parental Leave

Risks

AI-powered coding assistants like Claude pose a competitive threat to GitLab's platform.
Potential sale to Datadog may lead to strategic shifts misaligned with customer expectations.
Integration of Oxeye may distract from GitLab's core DevOps offerings.

Differentiation

GitLab offers a unified DevOps platform, reducing complexity in software development.
The platform integrates tools for collaboration, visibility, and speed, enhancing development processes.
GitLab's open-source model fosters continuous innovation with a large developer community.

Upsides

Acquiring Oxeye enhances GitLab's cloud security, appealing to security-conscious enterprises.
Partnership with Ooredoo Kuwait expands GitLab's influence in the telecommunications sector.
Potential sale to Datadog could create strategic synergies and expand market reach.
