{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/skill/package-ecosystems"},"x-facet":{"type":"skill","slug":"package-ecosystems","display":"Package Ecosystems","count":1},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_8fc80897-0ec"},"title":"Intermediate Backend Engineer,  SSCS: Supply Chain","description":"<p>As an Intermediate Backend Engineer on the SSCS Add-On team at GitLab, you&#39;ll help build a dedicated software supply chain security feature for regulated enterprise organisations.</p>\n<p>In this role, you&#39;ll contribute to capabilities that help customers control software dependencies, verify artifact integrity, and identify malicious packages before they reach production.</p>\n<p>Your work will sit at the intersection of backend engineering, product integration, and security-focused development.</p>\n<p>You&#39;ll build in Ruby on Rails, work alongside Go services as needed, and help connect Add-On functionality with GitLab&#39;s existing security scanning experience so findings are surfaced consistently for users.</p>\n<p>Because the team is small, you&#39;ll have meaningful influence on implementation details, team practices, and the product experience.</p>\n<p>This role is part of GitLab&#39;s all-remote, async-first, values-driven environment, where clear written communication and thoughtful coordination across time zones are essential.</p>\n<p><strong>Responsibilities</strong></p>\n<ul>\n<li>Implement well-scoped backend features across the Add-On&#39;s supply chain security product, including package policy integrations, ingestion pipeline improvements, signing and verification support, and reliability-focused work, delivering maintainable code on agreed timelines and meeting team-defined delivery commitments.</li>\n</ul>\n<ul>\n<li>Build and maintain integrations between Add-On functionality and GitLab&#39;s existing software composition analysis scanning infrastructure so findings appear consistently and accurately in merge request security reports, reducing integration issues and supporting a reliable user experience.</li>\n</ul>\n<ul>\n<li>Write and maintain comprehensive automated test coverage, including RSpec and integration tests, to improve test reliability, reduce regressions, and support safe, consistent releases as the codebase grows.</li>\n</ul>\n<ul>\n<li>Take on work across multiple feature areas as priorities evolve, contributing as a generalist where the team needs support most.</li>\n</ul>\n<ul>\n<li>Participate actively in code review by giving thoughtful, actionable feedback and incorporating feedback constructively into your own work to help maintain code quality and reduce rework.</li>\n</ul>\n<ul>\n<li>Contribute clear internal documentation for the features and behavior you ship so teammates can support, extend, and troubleshoot the product effectively.</li>\n</ul>\n<ul>\n<li>Coordinate with adjacent Software Supply Chain Security teams, including Dependency Firewall and Malware Database, as the Add-On brings together capabilities from across GitLab, helping deliver aligned functionality and smoother cross-team execution.</li>\n</ul>\n<ul>\n<li>Collaborate effectively in an async-first environment across global time zones, including occasional off-hours overlap when needed, to keep work moving and decisions documented clearly.</li>\n</ul>\n<p><strong>Requirements</strong></p>\n<ul>\n<li>Backend development experience with the ability to deliver maintainable production code.</li>\n</ul>\n<ul>\n<li>Solid proficiency in Ruby on Rails and strong PostgreSQL fundamentals.</li>\n</ul>\n<ul>\n<li>Familiarity with Golang, or a willingness to learn and work across both Ruby on Rails and Go.</li>\n</ul>\n<ul>\n<li>Strong testing discipline, including experience with RSpec or an equivalent testing framework.</li>\n</ul>\n<ul>\n<li>Clear, direct written communication skills and experience collaborating with distributed teammates in asynchronous workflows.</li>\n</ul>\n<ul>\n<li>Ability to manage scoped work independently, communicate progress clearly, and adjust as team priorities shift.</li>\n</ul>\n<ul>\n<li>Interest in package ecosystems such as npm, Maven, PyPI, or OCI containers, or adjacent experience that helps you ramp in this domain.</li>\n</ul>\n<ul>\n<li>Interest in software supply chain security, dependency management, DevSecOps, or security-adjacent product development, with the ability to apply security considerations in backend development work.</li>\n</ul>\n<p><strong>About the Team</strong></p>\n<p>The SSCS Add-On team is part of GitLab&#39;s Software Supply Chain Security stage and is focused on building a commercial offering that addresses real supply chain security challenges for enterprise customers.</p>\n<p>The team works on capabilities that combine multiple parts of the GitLab product into a more complete security solution for organisations with strong compliance and risk management needs.</p>\n<p>The work is both technically interesting and strategically important.</p>\n<p>The team is building in a space shaped by fast-moving threats, evolving customer requirements, and close coordination with nearby teams across the broader security area.</p>\n<p>That combination creates an environment where engineers can contribute to product direction while solving practical backend challenges in a visible part of GitLab&#39;s platform.</p>\n<p>For more on how related teams work, see Team Handbook Page.</p>\n<p><strong>How GitLab Supports Full-Time Employees</strong></p>\n<ul>\n<li>Benefits to support your health, finances, and well-being</li>\n</ul>\n<ul>\n<li>Flexible Paid Time Off</li>\n</ul>\n<ul>\n<li>Team Member Resource Groups</li>\n</ul>\n<ul>\n<li>Equity Compensation &amp; Employee Stock Purchase Plan</li>\n</ul>\n<ul>\n<li>Growth and Development Fund</li>\n</ul>\n<ul>\n<li>Parental leave</li>\n</ul>\n<ul>\n<li>Home office support</li>\n</ul>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_8fc80897-0ec","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8480565002","x-work-arrangement":"remote","x-experience-level":"mid","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["Ruby on Rails","Golang","PostgreSQL","RSpec","testing discipline"],"x-skills-preferred":["package ecosystems","software supply chain security","dependency management","DevSecOps","security-adjacent product development"],"datePosted":"2026-04-18T15:43:56.533Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, India"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Ruby on Rails, Golang, PostgreSQL, RSpec, testing discipline, package ecosystems, software supply chain security, dependency management, DevSecOps, security-adjacent product development"}]}