Sr. DevOps Engineer Description:
This is a hands-on, deep-specialist role. We are deliberately not hiring a broad DevOps generalist who lists GitLab among ten other tools. We want someone who knows the product intimately, stays current with its fast-moving release cycle, and treats the platform as a product in its own right.
You will work in a security-conscious, regulated environment, so we need someone who is comfortable making security a first-class concern in everything they build and who is willing to speak up when something isn’t right.
Must-Have Qualifications
- GitLab self-managed administration. Direct, recent experience administering self-managed GitLab (not GitLab.com SaaS). You have personally handled upgrades, backups, high-availability configurations, runner management, and performance tuning.
- CI/CD pipeline architecture. You design and maintain reusable pipeline templates and parent/child pipeline structures, and you’ve integrated pipelines with security scanners and artifact repositories. We use JFrog and Wiz; experience with these specifically is a plus.
- GitLab Runner management at scale. You understand the trade-offs between shared, group, and project-scoped runners, and you’ve operated runners using the Kubernetes executor on EKS.
- Authentication and access control. You’ve implemented and maintained SAML/SSO/LDAP integration and designed group and project permission models at enterprise scale.
- Infrastructure-as-code fluency. You’re fluent in Terraform, ideally including the GitLab provider, and you instinctively manage configuration as code rather than clicking through the UI.
Strong Nice-to-Haves
- GitLab Geo experience, including replication and disaster-recovery scenarios.
- Container Registry and Package Registry administration.
- Migration experience such as onboarding organizations into GitLab, or executing major version upgrades on self-managed instances.
- Hands-on experience integrating GitLab with Kubernetes/EKS for runner workloads and deployment pipelines.
- Federal or regulated-industry exposure: FedRAMP, IL5, NIST 800-53, and familiarity with the ATO process.
Security Responsibilities
Security is not a separate workstream in this role — it’s built into the platform you operate.
You will:
- Integrate and maintain security and vulnerability scanning (e.g., Wiz, SAST/DAST, dependency and container scanning) directly within CI/CD pipelines, and ensure findings are visible and actionable for engineering teams.
- Harden the GitLab platform itself: enforce least-privilege access models, manage secrets and CI/CD variables securely, and keep the environment patched and current with security releases.
- Implement and maintain supply-chain security controls, such as signed artifacts, trusted artifact repositories (JFrog), and policies that prevent untrusted dependencies from entering builds.
- Support audit, logging, and compliance requirements, and help maintain the platform’s posture against frameworks such as NIST 800-53 in support of FedRAMP/IL5 and ATO obligations.
- Partner with security and compliance teams to translate control requirements into enforceable, automated platform configuration.
The Dignify Solutions, LLC