Senior Fullstack Engineer, AST: Secret Detection (Ruby)

Position Overview

• Location Type:
• Job Type:
• Salary:

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab.

Thanks to products like Duo Enterprise, and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organisation.

As a member of the Secret Detection team, you'll be at the forefront of protecting sensitive data by creating specialized tools that prevent, detect, and remediate leaked secrets in code. Our team focuses on the complete secret management lifecycle - from push protection to pipeline-based scanning, providing automated remediation workflows and audit trails when necessary. We’re passionate about embedding security into the development process seamlessly, allowing developers to focus on innovation while we handle security concerns proactively.

You'll help developers safeguard their credentials, API keys, and other sensitive information by building sophisticated detection patterns, reducing false positives, and creating seamless remediation paths when secrets are discovered. Your work will enable organizations to quickly identify exposed secrets, understand their impact, and efficiently revoke and rotate compromised credentials.

Your impact will be significant and far-reaching, as our solutions protect both GitLab's ecosystem and the sensitive data of thousands of organizations worldwide, preventing costly data breaches before they happen.

Some examples of our projects:

• Prevent secret leaks in source code with GitLab Secret Push Protection
• Verify validity of secret detection findings

Responsibilities

• Lead the design and implementation of fullstack features for our Secret Detection offering, contributing to both the frontend (Vue.js) and backend (Ruby on Rails, GraphQL).
• Write clean, well-tested code that meets our internal standards for style, maintainability, and best practices for a high-scale web environment.
• Mentor and support fellow engineers, especially those looking to grow into fullstack contributors.
• Collaborate with Product Management and other stakeholders within Engineering (Frontend, UX, etc.) to maintain a high bar for quality in a fast-paced, iterative environment.
• Experience with performance and optimization problems and a demonstrated ability to both diagnose and prevent these problems.
• Contribute to code reviews, RFCs, and Proof-of-Concepts that shape the technical direction of the product.
• Recognize impediments to our efficiency as a team ("technical debt"), propose and implement solutions.
• Work async-first with a globally distributed team, while also participating in necessary sync meetings like high level planning, engineering brainstorming sessions and pairing sessions.

Requirements

• 3+ years of professional experience with Vue.js, GraphQL, and Ruby on Rails.
• Proven ability to mentor engineers, lead technical initiatives, and drive frontend and fullstack best practices.
• Knowledge of security concepts, vulnerabilities, mitigation techniques, and secure coding practices is preferred.
• Background in developing or using security tools or products.
• Hands-on experience.