GitLab is looking to solve critical infrastructure challenges for its authentication and authorization systems at scale, supporting its transition to a zero-trust architecture and enabling the evolution towards microservices.
Requirements
- Deep expertise in proxy technologies (Envoy, Traefik, HAProxy, nginx) and edge routing
- Experience with DB technologies and storage, such as RDS, Google Spanner, Postgres or similar.
- Strong background in Go and/or Rust for building high-performance infrastructure services
- Experience with service mesh architectures, mTLS, and zero-trust networking
- Expertise in gRPC, REST APIs, and service-to-service communication patterns
- Understanding of token systems (JWT, Macaroons), cryptographic signing, and key management
- Knowledge of Kubernetes, container orchestration, and cloud-native deployment patterns
Responsibilities
- Lead the design and implementation of GitLab's authentication infrastructure layer, including Envoy proxy configuration, token services, and policy decision infrastructure
- Solve critical infrastructure challenges including bi-directional gRPC tunnels, mTLS implementation, short-lived certificate management and service mesh architecture
- Ensure infrastructure supports multiple deployment models: GitLab.com (millions of users), self-managed, Dedicated, and air-gapped environments
- Lead performance optimization efforts for authentication decisions at scale
- Implement infrastructure monitoring, observability, and debugging capabilities for distributed authentication systems
Other
- Significant experience in engineering management with focus on infrastructure and distributed systems
- Proven track record of building and scaling engineering teams focused on infrastructure
- Strong debugging and performance optimization skills for distributed systems
- All remote, asynchronous work environment
- Flexible Paid Time Off
