Senior Backend Engineer, Secure: Static Analysis
The GitLab DevSecOps platform empowers 100,000+ organizations to deliver software faster and more efficiently. We are one of the world’s largest all-remote companies with 2,000+ team members and values that foster a culture where people embrace the belief that everyone can contribute. Learn more about Life at GitLab.
An overview of this role
As a part of the GitLab Secure: Static Analysis team, your role will center around enhancing the security of software development within GitLab. This dynamic team is committed to helping developers write better code and worry less about common security mistakes. We do this by helping developers easily identify common security issues as code is being contributed, and mitigate these issues proactively.
You'll be working on innovative solutions and contributing to the development of cutting-edge security analysis tools. Your work will play a crucial role in securing GitLab's ecosystem and the software developed by its users.
Some examples of our projects:
What you’ll do
- Develop features and improvements to the GitLab product in a secure, well-tested, and performant way
- Collaborate with Product Management and other stakeholders within Engineering (Frontend, UX, etc.) to maintain a high bar for quality in a fast-paced, iterative environment
- Advocate for improvements to product quality, security, and performance
- Solve technical problems of moderate scope and complexity.
- Craft code that meets our internal standards for style, maintainability, and best practices for a high-scale web environment.
- Conduct Code Review within our Code Review Guidelines and ensure community contributions receive a swift response.
- Recognize impediments to our efficiency as a team ("technical debt"), propose and implement solutions
- Represent GitLab and its values in public communication around specific projects and community contributions.
- Confidently ship small features and improvements with minimal guidance and support from other team members. Collaborate with the team on larger projects.
- Participate in Tier 2 or Tier 3 weekday and weekend and occasional night on-call rotations to assist in troubleshooting product operations, security operations, and urgent engineering issues.
What you’ll bring
- Proven professional experience writing and testing quality code in Go
- A solid understanding of program analysis techniques (syntax and semantic analysis, data, and control flow analysis, etc.)
- At least 5 years experience in software engineering.
- Previous experience working on program analysis tools
- Knowledge of security concepts, vulnerabilities, mitigation techniques, and secure coding practices is preferred.
- Experience with Application Security and Ruby on Rails is a plus.
- Proficiency in the English language, both written and verbal - sufficient for success in a remote and largely asynchronous work environment.
- Experience with performance and optimization problems and a demonstrated ability to both diagnose and prevent these problems.
- Comfort working in a highly agile, intensely iterative software development process.
- An inclination towards communication, inclusion, and visibility.
- Experience owning a project from concept to production, including proposal, discussion, and execution.
- Self-motivated and self-managing, with excellent organizational skills.
- Demonstrated ability to work closely with other parts of the organization.
- Share our values, and work in accordance with those values.
- Ability to thrive in a fully remote organization.
About the team
The Static Analysis team is responsible for the SAST, Secret Detection, and Code Quality feature categories. We want to help developers write better code and worry less about common security mistakes. We do this by helping developers easily identify common security issues as code is being contributed, and mitigate these issues proactively.
We'd like to continue to expand our capabilities across these workflows, while also continuously improving the result quality across all types of findings our analyzers are responsible for detecting. Thanks to our Transparency value, you can see what we are working on in our Team page.
How GitLab will support you
- Benefits to support your health, finances, and well-being
- All remote, asynchronous work environment
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and development budget
- Parental leave
- Home office support
Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are likely to only apply for a job if they meet every qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.
Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.
GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.