
Gitlab · Bangalore
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency,...
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity,
improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million
registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster.
The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier,
with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is
where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our
values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with
industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world
develops software.
refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited
are not affiliated with, and do not endorse products or services of GitLab.
As a Senior Backend Engineer on the GitLab Upgrades team, you’ll help self-managed customers run GitLab reliably by building and
maintaining the infrastructure, tooling, and automation behind our deployment options. You’ll work across Omnibus GitLab, GitLab
Helm Charts, the GitLab Environment Toolkit (Get), and the GitLab Operator to make GitLab easier to deploy, more secure by
default, and scalable across major cloud providers and a wide range of customer environments. In this role, you’ll partner closely
with engineering teams and act as a bridge to customer needs, improving installation, upgrade, and day-to-day operations for
production-grade GitLab deployments.
enterprise-scale deployments
and other self-managed environments
deployment stability, increasing upgrade success rates, and reducing escalation rates.
deployment friction, shortening time to deploy, and improving operational consistency at scale.
Kubernetes-native lifecycle management, improving reliability, strengthening security baselines, and accelerating adoption in
customer environments.
self-managed customers, reducing operational overhead, lowering failure rates, and increasing consistency across deployment
methods.
reducing exposure to vulnerabilities and improving baseline security across self-managed deployments.
Charts, Get, and the Operator, increasing release confidence, improving test coverage, and reducing regressions across
deployment tooling.
features into deployment methods and keep them reliable, scalable, and aligned with customer needs, improving delivery
readiness and reducing operational issues after release.
technical quality, accelerating delivery effectiveness, and strengthening team execution.
Helm-based environments.
providers such as Google Cloud Platform, Amazon Web Services, or Microsoft Azure.
communication.
documentation and implementation guides.
The Upgrades team is part of GitLab Delivery and focuses on helping self-managed customers run GitLab successfully in their own
environments, from smaller deployments to large enterprise footprints. We own deployment and operational tooling across our work
on Omnibus GitLab, Helm Charts, Get, and the GitLab Operator, and we work as a globally distributed, all-remote group that works
asynchronously with Site Reliability Engineering, Release, Security, and Development teams across regions. We are focused on
making self-managed GitLab easier to deploy, upgrade, secure, and operate at scale. For more on how we work, see Team Handbook
Page.
Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet
every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a
job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to
assess your application.
Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some
roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about
location after starting the recruiting process.
Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.
GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices
relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit,
regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender
expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including
family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently
separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis
protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s
EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during
the recruiting process.
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software. *Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab. AN OVERVIEW OF THIS ROLE As a Senior Backend Engineer at GitLab, you will help build the core capabilities of our dedicated software supply chain security Add-On. This commercial offering helps organizations control what software enters their builds, verify the integrity of what they ship, and identify malicious packages before they reach production. You will work across a set of connected backend systems that support package policy enforcement, artifact signing and verification, provenance attestation, and malicious package intelligence. This is a founding role on a small team with a high level of responsibility. The engineering choices you make in API design, testing, performance, and security will help shape how this product grows. You will work closely with a Staff Backend Engineer on architecture and partner with other engineers to deliver secure, reliable features for enterprise customers with complex supply chain security needs. This role is well suited for someone who wants to combine solid Ruby on Rails backend skills with deep technical problems in security, platform design, and product development in GitLab's all-remote, asynchronous environment. Some examples of our projects: * Building backend services for package policy enforcement and dependency control * Implementing artifact signing, verification, and provenance workflows using the Sigstore ecosystem WHAT YOU’LL DO * Design and implement backend features across the Add-On's software supply chain security surface, including policy enforcement, artifact signing and verification, provenance attestation APIs, and malicious package detection integrations, delivering secure capabilities that meet enterprise customer requirements. * Build and improve the package policy evaluation engine, including rule compilation, request matching, enforcement decisions, and performance-sensitive execution paths tied to GitLab's Dependency Firewall infrastructure, improving accuracy, reliability, and execution performance. * Develop artifact signing and verification workflows, including Sigstore and Cosign integrations, signing key lifecycle management, keyless signing with OpenID Connect (OIDC), and policy-based promotion gates, enabling trusted and auditable software delivery. * Create and evolve the configuration interfaces that enterprise security teams use, including backend APIs and the GraphQL surface for expressing supply chain security requirements, improving usability and adoption for customer administrators. * Integrate Add-On capabilities with GitLab's existing security policy framework, including policy inheritance and policy-as-code support through YAML, expanding coverage across customer security workflows. * Collaborate with adjacent teams as malicious package intelligence is incorporated into the Add-On offering, helping deliver cohesive workflows and faster response to package risk. * Write and maintain comprehensive RSpec and integration test coverage, and help improve test reliability across the team, increasing confidence in releases and reducing regressions. * Review merge requests with a security-first mindset and implement solutions with substantial decision-making scope in partnership with the Staff Backend Engineer, maintaining code quality and secure engineering standards. WHAT YOU’LL BRING * Proven backend engineering experience, including production Ruby on Rails expertise, as this is the team's primary language. * Working knowledge of Go or a clear willingness and ability to ramp up quickly in it. * Solid API design skills, including experience with REST, GraphQL, and defining clear internal service boundaries. * Solid PostgreSQL fundamentals, including schema design, query optimization, and indexing strategies. * Experience with Redis for caching and distributed coordination patterns. * A security-aware engineering mindset, with sound judgment around trust boundaries, input validation, and failure modes. * Familiarity with software supply chain security concepts such as Supply-chain Levels for Software Artifacts (SLSA), software bill of materials (SBOM), artifact signing, or related security scanning approaches. * Interest in complex policy, registry, or platform problems, including areas such as rules engines, package ecosystems, cryptographic signing, or DevSecOps product development. ABOUT THE TEAM The SSCS Add-On team is part of GitLab's Software Supply Chain Security stage and is focused on building a commercial offering that addresses real supply chain security challenges for enterprise customers. The team works on capabilities that combine multiple parts of the GitLab product into a more complete security solution for organizations with strong compliance and risk management needs. The work is both technically interesting and strategically important. The team is building in a space shaped by fast-moving threats, evolving customer requirements, and close coordination with nearby teams across the broader security area. That combination creates an environment where engineers can contribute to product direction while solving practical backend challenges in a visible part of GitLab's platform. For more on how related teams work, see Team Handbook Page. HOW GITLAB SUPPORTS FULL-TIME EMPLOYEES * Benefits to support your health, finances, and well-being * Flexible Paid Time Off * Team Member Resource Groups * Equity Compensation & Employee Stock Purchase Plan * Growth and Development Fund * Parental Leave Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application. ---------------------------------------------------------------------------------------------------------------------------------- Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process. Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us. GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software. *Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab. AN OVERVIEW OF THIS ROLE As an Engineering Manager, you’ll guide GitLab’s dedicated Software Supply Chain Security (SSCS) Add-On engineering team as it develops core capabilities including Dependency Firewall, Build Provenance, Malicious Packages detection, and Artifact Signing. This is a founding management role where you’ll help shape how the team works, partner closely with the Staff Backend Engineer, Product Manager, and SSCS stage management, and turn a defined roadmap into steady, high-quality delivery for enterprise customers with strict security and compliance needs. You’ll focus on developing the team, creating a healthy operating rhythm, and establishing predictable execution for the SSCS SKU. You’ll join a product area where customers in regulated industries are already validating the need, and your work will help GitLab deliver software supply chain security features that customers can rely on. While technical credibility matters, your main focus will be growing a strong backend engineering team, enabling team members in their development, and creating the conditions for long-term delivery and quality. WHAT YOU’LL DO * Guide a backend engineering team building the SSCS Add-On across dependency enforcement, build provenance, malicious package detection, and artifact signing. * Be responsible for Drive engineering delivery for general availability milestones by aligning sequencing, scope, and dependencies with the Staff Backend Engineer and Product Manager. * Develop the team by partnering with Talent Acquisition on sourcing, interview design, candidate evaluation, and hiring decisions. * Run regular 1:1s, performance reviews, and career development conversations that enable growth and clear expectations. * Advance engineering quality by monitoring cycle time, defect rates, and test coverage, and by addressing risks early. * Coordinate quarterly planning and roadmap tradeoff discussions with SSCS stage leadership and Product. * Work with Finance and other partners on headcount pacing and team planning as the Add-On scales. * Represent the SSCS Add-On team within stage leadership discussions and help ensure strong communication across functions. WHAT YOU’LL BRING * Over 3 years of experience guiding backend product engineering teams in security, DevOps, or platform engineering environments. * Ability to hire and grow backend or security engineers in distributed team environments, with practical understanding of the talent landscape for these roles. * Technical credibility to contribute to architecture discussions involving package registries, CI/CD pipeline security, and signing infrastructure. * Experience managing predictable delivery across multi-quarter product roadmaps and managing cross-team dependencies. * Comfort working in an asynchronous, documentation-driven organization with clear written communication. * Familiarity with supply chain security, artifact management, or compliance-focused product areas, or transferable experience from related domains. * Working knowledge of concepts related to frameworks and ecosystems such as SLSA and Sigstore. * Ability to build credibility with engineers, product partners, and customer-facing stakeholders through clear judgment, coaching, and teamwork. ABOUT THE TEAM The SSCS Add-On team is a product engineering team within GitLab’s Software Supply Chain Security stage. We work on key capabilities in the SSCS Add-On SKU and collaborate closely with product and engineering partners to deliver security features for customers operating in regulated environments. You’ll report to the SSCS Senior Engineering Manager and partner directly with the Staff Backend Engineer and Product Manager. As a distributed team working asynchronously across regions, we are focused on strong delivery practices, team health, and scaling the product area with clarity and accountability. For more on how related teams work, see Team Handbook Page. HOW GITLAB SUPPORTS FULL-TIME EMPLOYEES * Benefits to support your health, finances, and well-being * Flexible Paid Time Off * Team Member Resource Groups * Equity Compensation & Employee Stock Purchase Plan * Growth and Development Fund * Parental Leave Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application. ---------------------------------------------------------------------------------------------------------------------------------- Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process. Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us. GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.
GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software. *Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab. AN OVERVIEW OF THIS ROLE As a Staff Backend Engineer at GitLab, you will help shape a major investment in our Software Supply Chain Security offering. In this role, you'll serve as a senior technical leader for backend systems that help customers secure how software is built, verified, and delivered inside the GitLab platform. You'll work on foundational capabilities across package policy enforcement, build provenance, artifact signing, and malicious package detection, with a strong focus on enterprise-grade security and performance. You'll define architecture before systems are built, write clear technical proposals, and guide implementation across interconnected parts of GitLab such as CI/CD, dependency management, and security workflows. This role is a strong fit for someone who enjoys solving complex backend problems, influencing technical direction across teams, and building security features that matter to customers facing real threats. You'll do this in GitLab's remote, asynchronous, and values-driven environment, where written communication, ownership, and teamwork are central to how we work. Some examples of our projects: * Dependency Firewall for package policy enforcement across supported registries * Artifact attestation and signing using supply chain security standards and the Sigstore ecosystem WHAT YOU’LL DO * Define and drive the technical architecture for the SSCS Add-On, including backend systems for package policy enforcement, provenance generation, artifact signing, and malicious package detection. * Lead design and implementation work for Supply-chain Levels for Software Artifacts (SLSA) Level 2 and Level 3 capabilities within GitLab CI/CD. * Architect integrations with Sigstore services such as Cosign, Fulcio, and Rekor, including approaches for signing workflows, verification, and trust boundaries. * Design backend services and request paths that support allow, deny, and quarantine package policies with strong performance and reliability expectations. * Review merge requests with a focus on security, architectural consistency, maintainability, and test quality. * Mentor Backend Engineers across experience levels, helping raise the technical bar through design guidance, feedback, and hiring participation. * Partner with Product, Infrastructure, Authentication, Authorization, and Security counterparts on cross-team technical decisions. * Contribute to relevant open source and industry conversations, including working groups related to software supply chain security where appropriate. WHAT YOU’LL BRING * Strong experience building backend applications with Ruby on Rails in a high-scale production environment. * Professional experience with Go for backend or infrastructure-oriented services. * A track record of leading architecture across multiple systems and influencing technical direction through strong engineering judgment. * Experience writing clear technical proposals, request for comments documents, and decision records in an async, documentation-first environment. * A solid security mindset and comfort working on products where trust, risk reduction, and secure defaults are central requirements. * Familiarity with software supply chain security concepts such as build provenance, artifact signing, dependency security, or software bill of materials. * Strong teamwork and communication skills, with the ability to work effectively across distributed teams and functions. * Interest in GitLab's values and in building secure, scalable product capabilities that help customers ship software with confidence. ABOUT THE TEAM The SSCS Add-On team is part of GitLab's Software Supply Chain Security stage and is focused on building a commercial offering that addresses real supply chain security challenges for enterprise customers. The team works on capabilities that combine multiple parts of the GitLab product into a more complete security solution for organizations with strong compliance and risk management needs. The work is both technically interesting and strategically important. The team is building in a space shaped by fast-moving threats, evolving customer requirements, and close coordination with nearby teams across the broader security area. That combination creates an environment where engineers can contribute to product direction while solving practical backend challenges in a visible part of GitLab's platform. For more on how related teams work, see Team Handbook Page. HOW GITLAB SUPPORTS FULL-TIME EMPLOYEES * Benefits to support your health, finances, and well-being * Flexible Paid Time Off * Team Member Resource Groups * Equity Compensation & Employee Stock Purchase Plan * Growth and Development Fund * Parental Leave Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application. ---------------------------------------------------------------------------------------------------------------------------------- Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process. Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us. GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.