GitLab is an open-core software company that develops the most comprehensive
AI-powered DevSecOps Platform
[https://about.gitlab.com/solutions/devops-platform], used by more than 100,000
organizations. Our mission [https://about.gitlab.com/company/mission] is to
enable everyone to contribute to and co-create the software that powers our
world. When everyone can contribute, consumers become contributors,
significantly accelerating human progress. Our platform unites teams and
organizations, breaking down barriers and redefining what's possible in software
development. Thanks to products like Duo Enterprise
[https://about.gitlab.com/gitlab-duo/] and Duo Agent Platform
[https://about.gitlab.com/blog/gitlab-duo-agent-platform-what-is-next-for-intelligent-devsecops/],
customers get AI benefits at every stage of the SDLC.
The same principles built into our products are reflected in how our team works:
we embrace AI as a core productivity multiplier, with all team members expected
to incorporate AI into their daily workflows to drive efficiency, innovation,
and impact. GitLab is where careers accelerate, innovation flourishes, and every
voice is valued. Our high-performance culture is driven by our values
[https://handbook.gitlab.com/handbook/values/] and continuous knowledge
exchange, enabling our team members to reach their full potential while
collaborating with industry leaders to solve complex problems. Co-create the
future with us [https://www.youtube.com/watch?v=OuZIb5zszQI] as we build
technology that transforms how the world develops software.
AN OVERVIEW OF THIS ROLE
As an Engineering Manager for the Auth Infrastructure team at GitLab, you’ll
lead a distributed group of engineers building the core infrastructure that
powers authentication and authorization across all GitLab deployment models.
You’ll focus on secure, performant, and reliable identity services at global
scale, enabling our move toward a zero-trust architecture and a more modular,
microservices-based platform. While you’ll bring deep technical experience with
distributed systems, proxy technologies, infrastructure security, and languages
like Go or Rust, your primary impact will come from building and supporting a
healthy team, hiring and developing great talent, and partnering closely with
Authentication, Authorization, Platform, Infrastructure, Cells Architecture, and
Runner teams to ensure the auth infrastructure layer meets their needs. In your
first year, you’ll be instrumental in shaping the foundation of GitLab’s
Identity and Access Management services, from Envoy-based proxy layers and token
services to policy decision infrastructure that serves millions of requests per
second across GitLab.com, self-managed, Dedicated, and air-gapped environments.
Some examples of our projects:
- Designing and operating an Envoy-based proxy layer that handles millions of
authentication requests per second with mTLS, short-lived certificates, and
service mesh patterns
- Delivering zero-downtime migrations of authentication infrastructure and
resilient token services that enable policy-based authorization at scale
WHAT YOU’LL DO
- Lead the Auth Infrastructure engineering team, setting clear direction,
enabling strong execution, and supporting team health and growth
- Drive the design and implementation of GitLab’s authentication
infrastructure, including Envoy proxy configuration, token services, and
policy decision components
- Solve complex infrastructure challenges such as bi-directional gRPC tunnels,
mTLS implementation, short-lived certificate management, and service mesh
architecture
- Ensure the authentication infrastructure reliably supports all GitLab
deployment models, including GitLab.com, self-managed, Dedicated, and
air-gapped environments
- Lead performance optimization efforts for authentication and authorization at
scale, focusing on low-latency, high-throughput decision making
- Develop and maintain robust monitoring, observability, and debugging
capabilities for distributed authentication systems
- Collaborate closely with Authentication, Authorization, Platform,
Infrastructure, Cells Architecture, and Runner teams to align infrastructure
capabilities with their needs and ensure seamless integration
- Hire, mentor, and develop engineers, and build processes that support
sustainable delivery and continuous improvement within the Auth
Infrastructure team
WHAT YOU’LL BRING
- Experience leading and developing infrastructure-focused engineering teams,
with a focus on distributed systems and reliability
- Proficiency with proxy and edge routing technologies such as Envoy, Traefik,
HAProxy, or nginx, including design and configuration at scale
- Hands-on background in Go and/or Rust for building and operating
high-performance backend or infrastructure services
- Familiarity with service mesh architectures, mTLS, and zero-trust networking
concepts, including short-lived certificates and secure tunnels (for example,
gRPC)
- Understanding of token and identity systems such as JWT or Macaroons,
including cryptographic signing, key management, and integration with
authentication flows
- Experience with database and storage technologies such as RDS, Google
Spanner, Postgres, or similar, and how they support authentication workloads
- Knowledge of Kubernetes, container orchestration, and cloud-native deployment
patterns, including observability, debugging, and performance optimization
for distributed systems
- Experience with infrastructure automation, CI/CD, and GitOps practices, and
an interest in applying transferable skills from related domains or
backgrounds to authentication infrastructure work
ABOUT THE TEAM
The Auth Infrastructure team at GitLab is one of three authentication-focused
teams within GitLab’s Software Supply Chain Security stage, and we are
responsible for the infrastructure foundation that powers authentication and
authorization across all GitLab deployment models. Our team is composed of
distributed systems and infrastructure engineers working asynchronously across
regions, collaborating closely with the Authentication and Authorization teams
for product requirements and integration, the Platform and Infrastructure teams
for deployment and operations, the Cells Architecture team for multi-tenant
routing and isolation, and the Runner team for CI/CD authentication needs. We
focus on solving complex challenges such as building and operating a proxy layer
that can handle millions of requests per second, enabling zero-downtime
migrations of authentication infrastructure, designing resilient token and
identity services, and establishing the core building blocks for policy-based
authorization at global scale.
The base salary range for this role’s listed level is currently for residents of
the United States only. This range is intended to reflect the role's base salary
rate in locations throughout the US. Grade level and salary ranges are
determined through interviews and a review of education, experience, knowledge,
skills, abilities of the applicant, equity with other team members, alignment
with market data, and geographic location. The base salary range does not
include any bonuses, equity, or benefits. See more information on our benefits
[https://about.gitlab.com/handbook/total-rewards/benefits/general-and-entity-benefits/]
and equity [https://about.gitlab.com/handbook/stock-options/]. Sales roles are
also eligible for incentive pay targeted at up to 100% of the offered base
salary.
United States Salary Range
$131,600—$282,000 USD
HOW GITLAB WILL SUPPORT YOU
Please note that we welcome interest from candidates with varying levels of
experience; many successful candidates do not meet every single requirement.
Additionally, studies have shown that people from underrepresented groups
[https://about.gitlab.com/company/culture/inclusion/#examples-of-select-underrepresented-groups]
are less likely to apply to a job unless they meet every single qualification.
If you're excited about this role, please apply and allow our recruiters to
assess your application.
Country Hiring Guidelines: GitLab hires new team members in countries around the
world. All of our roles are remote, however some roles may carry specific
location-based eligibility requirements. Our Talent Acquisition team can help
answer any questions about location after starting the recruiting process.
Privacy Policy: Please review our Recruitment Privacy Policy.
[https://handbook.gitlab.com/handbook/hiring/candidate-faq/recruitment-privacy-policy/]
Your privacy is important to us.
GitLab is proud to be an equal opportunity workplace and is an affirmative
action employer. GitLab’s policies and practices relating to recruitment,
employment, career development and advancement, promotion, and retirement are
based solely on merit, regardless of race, color, religion, ancestry, sex
(including pregnancy, lactation, sexual orientation, gender identity, or gender
expression), national origin, age, citizenship, marital status, mental or
physical disability, genetic information (including family medical history),
discharge status from the military, protected veteran status (which includes
disabled veterans, recently separated veterans, active duty wartime or campaign
badge veterans, and Armed Forces service medal veterans), or any other basis
protected by law. GitLab will not tolerate discrimination or harassment based on
any of these characteristics. See also GitLab’s EEO Policy
[https://about.gitlab.com/handbook/people-policies/inc-usa/#equal-employment-opportunity-policy] and EEO
is the Law
[https://about.gitlab.com/handbook/labor-and-employment-notices/#eeoc-us-equal-employment-opportunity-commission-notices].
If you have a disability or special need that requires accommodation
[https://about.gitlab.com/handbook/people-policies/inc-usa/#reasonable-accommodation],
please let us know during the recruiting process
[https://about.gitlab.com/handbook/hiring/interviewing/#adjustments-to-our-interview-process].
