Senior GitLab Platform Engineer (Self-Managed) in Herndon

Job DescriptionJob Description

Contract Details

• Work Mode: Remote. Candidates within ~30 miles of Herndon, VA may be asked to be onsite 1 2 days/week (subject to change based on business needs).
• Location: Herndon, VA
• Schedule: 40 hours/week
• Duration: 06/29/2026 06/28/2027

About the Opportunity

Seeking a senior, hands-on owner for a self-managed GitLab platform. This role is for a deep specialist who will run GitLab as a product driving availability, performance, security, and an excellent CI/CD experience across engineering teams. You will operate in a security-conscious, regulated environment where security is a first-class concern.

Ideal candidates have recent, direct administration experience with self-hosted GitLab (not SaaS), manage configuration as code, and are comfortable making and advocating for secure, stable platform decisions.

Key Responsibilities

• Own the full lifecycle of self-managed GitLab: upgrades, backups, high availability, capacity planning, and performance tuning.
• Design and maintain organization-wide CI/CD pipeline architecture, including reusable templates, parent/child pipelines, and integrations with security scanners and artifact repositories.
• Manage GitLab Runner fleets at scale using the Kubernetes executor on Amazon EKS (shared, group, and project-scoped runners).
• Implement and maintain authentication and access control (SSO/SAML/LDAP) and enterprise-level group/project permission models.
• Manage platform configuration as code Terraform as the source of truth.
• Integrate security into CI/CD (e.g., SAST/DAST, dependency and container scanning, Wiz) and ensure findings are actionable.
• Harden the platform: least-privilege access, secure secrets/CI variables, and timely security patches.
• Implement supply-chain security controls (signed artifacts, trusted artifact repositories such as JFrog, dependency policies).
• Support audit/logging/compliance and translate control requirements (e.g., NIST 800-53) into automated configuration.

Required Qualifications

• US only (single citizenship; no dual ).
• Recent, direct administration of GitLab self-managed (not GitLab.com), including upgrades, backups, HA, runner management, and performance tuning.
• CI/CD pipeline architecture expertise with reusable templates and parent/child pipelines; integration with security scanners and artifact repositories.
• Runner management at scale using the Kubernetes executor on EKS.
• Enterprise authentication and access control: SSO/SAML/LDAP and robust permission modeling.
• Infrastructure as Code with Terraform (ideally including the GitLab provider); configuration managed as code over UI changes.
• Security-first mindset and the willingness to advocate for stability and security best practices.

Qualifications

• GitLab Geo (replication/DR) experience.
• Container and Package Registry administration.
• Migrations and major version upgrade experience for self-managed instances.
• Hands-on Kubernetes/EKS integration for runner and deployment pipelines.
• Exposure to regulated environments (e.g., FedRAMP, IL5, NIST 800-53) and ATO processes.

Work Environment

• Role favors a specialist who stays current with GitLab s rapid release cycle and treats the platform as a product.
• Collaborative with security/compliance partners; vocal in raising risks and advocating for the right technical approach.
• Remote-first; local candidates may be periodically onsite in Herndon, VA.

#ZR