Fullstack Engineer - Secure: Secret Detection

An overview of this role

As a part of the GitLab Secure:Secret Detection team your role will center around enhancing the security of software development within GitLab. This dynamic team is committed to helping developers write better code and worry less about common security mistakes. We do this by helping developers easily identify common security issues as code is being contributed and mitigate these issues proactively.

You'll be working on innovative solutions and contributing to the development of cutting-edge security analysis tools. Your work will play a crucial role in securing GitLab's ecosystem and the software developed by its users.

Some examples of our projects:

• SAST results in MR changes view

• Pre-receive Secret Detection

What you’ll do

• Develop features and improvements to the GitLab product in a secure well-tested and performant way

• Collaborate with Product Management and other stakeholders within Engineering (Frontend UX etc.) to maintain a high bar for quality in a fast-paced iterative environment

• Advocate for improvements to product quality security and performance

• Solve technical problems of moderate scope and complexity.

• Craft code that meets our internal standards for style maintainability and best practices for a high-scale web environment.

• Conduct Code Review within our Code Review Guidelines and ensure community contributions receive a swift response.

• Recognize impediments to our efficiency as a team ('technical debt') propose and implement solutions

• Represent GitLab and its values in public communication around specific projects and community contributions.

• Confidently ship small features and improvements with minimal guidance and support from other team members. Collaborate with the team on larger projects.

• Participate in Tier 2 or Tier 3 weekday and weekend and occasional night on-call rotations to assist in troubleshooting product operations security operations and urgent engineering issues.

What you’ll bring

• Professional experience working in Ruby on Rails and Vue.js.

• Experience building frontend web apps with REST and GraphQL.

• Experience writing automated tests (eg. Jest Karma Jasmine Mocha AVA tape).

• Experience with Go or motivation to learn.

• Knowledge of security concepts vulnerabilities mitigation techniques and secure coding practices is preferred.

• Proficiency in the English language both written and verbal -  sufficient for success in a remote and largely asynchronous work environment.

• Experience with performance and optimization problems and a demonstrated ability to both diagnose and prevent these problems.

• Comfort working in a highly agile intensely iterative software development process.

• An inclination towards communication inclusion and visibility.

• Experience owning a project from concept to production including proposal discussion and execution.

• Self-motivated and self-managing with excellent organizational skills.

• Demonstrated ability to work closely with other parts of the organization.

• Share our values and work in accordance with those values.

• Ability to thrive in a fully remote organization.

About the team

GitLab’s Secret Detection team is responsible for the Secret Detection and Code Quality feature categories. We want to help developers write better code and worry less about common security mistakes. We do this by helping developers easily identify common security issues as code is being contributed and mitigate these issues proactively.

We'd like to continue to expand our capabilities across these workflows while also continuously improving the result quality across all types of findings our analyzers are responsible for detecting. Thanks to our Transparency value you can learn more about us on our Team page.

How GitLab will support you

• Benefits to support your health finances and well-being

• All remote asynchronous work environment

• Flexible Paid Time Off

• Team Member Resource Groups

• Equity Compensation & Employee Stock Purchase Plan

• Growth and development budget

• Parental leave

• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally studies have shown that people from underrepresented groups are likely to only apply for a job if they meet every qualification. If you're excited about this role please apply and allow our recruiters to assess your application.