Your work will shape GitLab's enterprise security posture in the rapidly growing software supply chain security market. You'll focus on SLSA Level 3 compliance, secrets management, CI/CD security hardening, and the foundations of GitLab's global zero trust architecture.

Some examples of our projects:

• SLSA Level 3 compliance and provenance attestation across GitLab's CI/CD platform
• Integrated secrets management and runner security for container-isolated, secure pipelines

You'll lead the end-to-end software supply chain security architecture for GitLab's CI/CD platform, including SLSA Level 3 implementation and CI infrastructure hardening. You'll drive cross-team technical strategy and decisions across our Software Supply Chain Security (SSCS) stage teams, aligning engineering work to SSCS strategic plans.

You'll collaborate with infrastructure and CI/CD teams to design and land long-term initiatives for secure, scalable runner architecture, container isolation, and pipeline security at scale. You'll propose and validate technical implementations that support architectural changes to improve CI/CD scaling and performance on critical paths.

You'll teach, mentor, and coach Staff Engineers and individual contributors, raising the bar on supply chain threat modeling, secrets management, artifact signing, and SBOM lifecycle practices.

You'll partner with Engineering Managers and senior leadership to define roadmaps, break down complex initiatives, and enable Staff Engineers to lead sub-department-wide efforts.

You'll engage with customers and external stakeholders as a technical consultant and spokesperson for GitLab's software supply chain security capabilities and roadmap.

You'll collaborate with product, security, and compliance stakeholders to ensure features meet enterprise security, governance, and regulatory expectations in the software supply chain security market.

Key responsibilities include:

• Providing architectural leadership across multiple engineering teams
• Shaping GitLab's enterprise security posture in the rapidly growing software supply chain security market
• Focusing on SLSA Level 3 compliance, secrets management, CI/CD security hardening, and the foundations of GitLab's global zero trust architecture

Key requirements include:

• Deep expertise in software supply chain security, including threat modeling for supply chain attack vectors, SLSA implementation and attestation systems, and SBOM generation and lifecycle management
• Strong knowledge of artifact signing and verification using the Sigstore ecosystem, including Cosign, Fulcio, Rekor, and in-toto attestations
• Experience designing and hardening CI/CD security, such as runner isolation, pipeline security controls, and secrets management in large-scale environments

Preferred qualifications include:

• Background in distributed systems and infrastructure, including building resilient CI/CD platforms that process high pipeline volumes and optimizing performance for critical paths
• Practical experience with container security and Kubernetes security, including admission controllers, policy controllers, workload isolation, and registry hardening
• Proficiency in Go or Rust in a production environment, combined with expert-level understanding of CI/CD workflows and DevSecOps best practices
• Experience operating as a Principal or Staff Engineer across multiple development teams, providing architectural leadership and partnering with Engineering Managers and senior leaders
• Demonstrated capacity to clearly communicate complex problems and solutions

Our Software Supply Chain Security stage engineering teams are responsible for authentication and access within GitLab. We also build features that help customers manage vulnerabilities, dependencies, security policies, and compliance frameworks across their organizations.

The base salary range for this role's listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits.

XML job scraping automation by YubHub

Your mission is to solve complex security problems through software engineering, focusing on three core pillars:

• Identity & Network Security: Engineering high-performance IAM controls and zero-trust network architectures.
• Unified Vulnerability Orchestration: Architecting a custom 'single pane of glass' for security data.
• Compliance as Code: Building the automated systems that provide real-time evidence for frameworks like SOC 2, ISO 27001 & PCI.

You will be a key member of our growing Security Engineering team, working at the intersection of Infrastructure, Cross-Cutting, and GRC. We operate like a specialized product team: we identify security friction and build the software to eliminate it.

You will lead the design and maintenance of our internal security tool suite, written primarily in Go, to automate evidence collection and real-time remediation of security alerts. You will also write and peer-review Terraform and custom providers to manage identity and core infrastructure across AWS and GCP.

The team supports the use of Go, Terraform, Kubernetes, and Cilium. Experience with eBPF, Sigstore/Cosign, image provenance, and SBOMs is desirable.

Engine by Starling offers a range of benefits, including 33 days holiday, an extra day's holiday for your birthday, annual leave increased with length of service, and a company-enhanced pension scheme.

XML job scraping automation by YubHub

About Engineering at Engine by Starling

At Engine by Starling, we don't do 'checkbox security',we build security software. We treat security as a first-class engineering discipline, where the solution to a threat isn't a policy, but a robust, concurrent system written in Go.

As a Cloud Security Software Engineer, you will be a hands-on builder responsible for the security architecture of our multi-tenant core banking platform. You'll spend your days architecting and writing Go-based tooling, automating defenses, and ensuring our infrastructure across AWS and GCP is secure by design and compliant by default.

The Mission

Your mission is to solve complex security problems through software engineering, focusing on three core pillars:

• Identity & Network Security: Engineering high-performance IAM controls and zero-trust network architectures. You will lead the way in refining edge-defense strategies and trust redirection, ensuring every request is verified and encrypted at scale.
• Unified Vulnerability Orchestration: Architecting a custom 'single pane of glass' for security data. You will build Go-based API integrations and microservices that bridge scanning engines, dependency trackers, and internal portals into a seamless, automated ecosystem.
• Compliance as Code: Building the automated systems that provide real-time evidence for frameworks like SOC 2, ISO 27001 & PCI. You’ll ensure we stay compliant through continuous, automated validation rather than manual overhead.

The Team

You will be a key member of our growing Security Engineering team, working at the intersection of Infrastructure, Cross-Cutting, and GRC. We operate like a specialized product team: we identify security friction and build the software to eliminate it. You won’t work in a silo; you’ll collaborate with engineers across the business to deliver a platform that is resilient by default.

About You

We are looking for Software Engineers who are passionate about the Go ecosystem and want to apply those skills to mission-critical security challenges. Whether you come from a Security Engineering background or you are a Backend Engineer with a 'security-first' mindset, we value your ability to write clean, maintainable, and efficient code.

What you’ll get to do

• Engineering Security Tooling: Lead the design and maintenance of our internal security tool suite, written primarily in Go, to automate evidence collection and real-time remediation of security alerts.
• Infrastructure as Code: Write and peer-review Terraform and custom providers to manage identity and core infrastructure across AWS and GCP.
• Supply Chain Security: Build automated systems to manage container provenance and integrate security analysis into our CI/CD pipelines (GitHub Actions/TeamCity).
• Cloud Native Defense: Engineer Kubernetes security solutions leveraging Cilium, eBPF, and custom controllers to protect our microservices.
• Cryptographic Engineering (PKI): Build and maintain our Go-based Certificate Authority (CA) tooling and internal PKI infrastructure.
• Incident Response: Support the team in automated incident response, building the tools that help us investigate and mitigate threats faster.

Requirements

What skills are essential:

• Go Specialist: You are proficient in Go. You understand its concurrency models, testing patterns, and how to build idiomatic, performant services.
• The Builder Mindset: You find manual work a personal affront. If a task needs to be done twice, you’ve already started planning the automation for it.
• Cloud Native: Practical experience with AWS or GCP, ideally managed through Terraform.
• Container Expertise: You understand Kubernetes internals,from the runtime security to the service mesh.
• Identity & Networking: Strong understanding of cloud identity models and network protocols.

What skills are desirable:

• Experience with Cilium or eBPF-based security monitoring.
• Knowledge of Sigstore/Cosign, image provenance, and SBOMs.
• Familiarity with hardware security modules (HSMs) or advanced cryptography.
• Cloud-native security certifications (AWS/GCP).

Benefits

• 33 days holiday (including public holidays, which you can take when it works best for you)
• An extra day’s holiday for your birthday
• Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
• 16 hours paid volunteering time a year
• Salary sacrifice, company enhanced pension scheme
• Life insurance at 4x your salary & group income protection
• Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
• Generous family-friendly policies
• Incentives refer a friend scheme
• Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
• Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing

XML job scraping automation by YubHub