Role summary - We are seeking a Senior Product Manager to join our Commercial Products domain, taking ownership of one of Payoneer’s most critical products: Global Receiving Accounts.
You will work closely with cross-functional teams to define and execute the product strategy, ensuring our offerings deliver maximum value and impact. This role combines strategic thinking, customer empathy, and data-driven decision-making, all in a highly collaborative, global environment.

Location: Israel
Employment type: Full-time

What you’ll do

• Own the domain end-to-end: Define and drive the product strategy for Global Receiving Accounts.
• Set the vision, build the roadmap, and make prioritization calls that balance customer impact, business value, and technical feasibility. 
• Lead a dedicated engineering team, set direction, remove blockers, and make sure the team is building the right things.
• Navigate complex stakeholder landscapes: Partner closely with product, engineering, UX, risk, compliance, business development, operations, and commercial teams across multiple locations.
•  Align diverse stakeholders around a shared direction.
• Scale the product globally: Expand into new markets, currencies, and payment corridors. Navigate the complexity of cross-border payments, local banking rails, and regional regulatory requirements.
• Drive growth and monetization: Identify levers to improve activation, adoption, and revenue. Build hypotheses, run experiments, and use data to optimize the product’s commercial performance.
• Communicate with clarity: Present strategy and progress to senior leadership. Translate complex technical and regulatory topics into clear narratives that drive decisions across the organization.

Who you are

• 5+ years of product management experience, with meaningful time spent in fintech, payments, or financial services.
• Deep understanding of cross-border payments, FX, banking rails, or global account infrastructure.
•  Experience with receiving accounts, virtual IBANs, or multi-currency wallets is a plus.
• A track record of owning a product domain and driving measurable business outcomes (not just shipping features).
• Proven ability to manage complex stakeholder environments—aligning engineering, business, risk, compliance, and leadership teams around a shared plan, often across geographies and time zones.
• Strong analytical skills: You form hypotheses, dig into data, and let evidence guide your decisions.
• Ability to operate independently: You don’t wait for direction—you identify what matters and go after it.
• Excellent communication skills, with a talent for translating complex topics into clear, actionable narratives.

An overview of this role

As a Backend Engineer on the Secret Detection team, you'll help protect sensitive data by building the services, scanning workflows, and remediation paths that prevent leaked secrets from reaching production. Your work will contribute to the full secret management lifecycle, from push protection to pipeline-based scanning, validation, and auditability, so developers can move quickly without taking on avoidable security risk. This is a strong opportunity if you want to work on security features with clear customer impact, improve detection quality, and help teams act when credentials, API keys, or other secrets are exposed.

You'll focus on backend systems that power Secret Detection across GitLab's DevSecOps platform, working closely with product management and engineering peers in an async-first environment. In your first year, you'll contribute to core product capabilities, improve performance and result quality, and help shape technical direction through code reviews, RFCs, and proof of concepts.

Some examples of our projects:

• Prevent secret leaks in source code with GitLab Secret Push Protection
• Verify validity of secret detection findings

What you’ll do

• Guide the design and implementation of backend features for GitLab Secret Detection in Ruby on Rails, GraphQL, and Go, delivering capabilities that improve coverage, reliability, or response time for secret detection workflows.
• Build clean, well-tested, maintainable code that meets GitLab standards for reliability and performance, helping reduce regressions and maintain backend systems at scale.
• Partner with product management and engineering peers to deliver backend capabilities that improve detection, validation, remediation, and audit trail coverage across the secret management lifecycle.
• Improve detection quality by reducing false positives, strengthening secret validation workflows, and enabling faster, more effective remediation paths.
• Contribute to code reviews, RFCs, and proof-of-concept work that guide technical approaches across the Secret Detection category.
• Identify technical debt and operational inefficiencies, then propose and implement practical improvements.
• Diagnose performance and optimization issues in backend systems and implement improvements that increase efficiency, scalability, and service reliability.
• Work effectively in a globally distributed, async-first team while participating in planning, engineering discussions, and pairing when needed.

What you’ll bring

• Experience building backend applications and services using Ruby on Rails, with working knowledge of GraphQL and interest in backend-focused product development.
• Experience designing and delivering secure, maintainable systems that power production web applications at scale.
• Knowledge of security concepts, common vulnerabilities, mitigation techniques, and secure coding practices.
• Background developing or working with security tools or products, especially in areas related to code scanning or secret detection.
• Experience investigating performance issues and improving backend reliability, efficiency, and maintainability.
• Ability to work closely with cross-functional partners, including product, design, and technical writing, to deliver useful product outcomes.
• Communicate clearly in writing and in conversation, especially in remote, async-first environments with distributed teams.
• Bring transferable experience and a willingness to grow into parts of the security or Go stack.

About the team

The Secret Detection team owns GitLab's Secret Detection category, and we build the backend systems and related user workflows that help developers identify and mitigate exposed secrets as code is contributed. We work with the broader security product suite while maintaining focused investment in secret scanning quality, validation, remediation, and developer experience. Our work spans Rails and Go services, and we work primarily asynchronously across time zones as a globally distributed team. Current opportunities include expanding coverage across the secret management lifecycle and improving result quality across the findings our tools detect. For more on how we work, see the Team Handbook page.

An overview of this role

As a Senior Backend Engineer on the Pipeline Security team, you'll take technical ownership of GitLab's native Secrets Manager, a production system built on OpenBao that helps secure sensitive credentials across GitLab CI/CD pipelines. You'll work at the intersection of backend engineering and infrastructure, shaping architecture in Ruby on Rails and Go, guiding decisions around role-based access control (RBAC), GraphQL APIs, and Kubernetes deployment configuration. In your first year, you'll help move Secrets Manager toward general availability, establish technical patterns the team can build on, and represent the team's point of view in cross-functional discussions. You'll have end-to-end ownership, from design through production operations, with room to identify what should be built next and improve how the team delivers secure, reliable features.

What you'll do

• Build and maintain secure, readable backend code primarily in Ruby on Rails, with some development in Go for targeted components.
• Design backend architecture for complex security features, including secrets access control, pipeline security enforcement, and OpenBao integration.
• Lead the development of role-based access control models, GraphQL APIs, and supporting application patterns for features owned by the team.
• Own features end to end, from technical design and implementation through deployment, validation, and production support.
• Collaborate with Product, security partners, and other engineering teams to document tradeoffs, align on direction, and deliver iteratively in a distributed environment.
• Improve code quality, maintainability, security, and performance through code review, design iteration, and internal standards for a high-scale web environment.
• Build and maintain Helm charts, including configuration, tuning, documentation, and automated testing for Kubernetes-based deployments.
• Validate features in Kubernetes environments, including GitLab Cloud Native and Cloud Native Hybrid deployments, using GitLab testing and performance testing frameworks.

What you'll bring

• Experience building and maintaining backend features with a focus on secure design, data handling, and production reliability.
• Ability to write production-quality code in Ruby on Rails, including use of framework security patterns and review for common application risks.
• Working knowledge of CI/CD concepts and the ways pipelines can be misconfigured, abused, or expose sensitive data.
• Familiarity with secrets management approaches and security practices for handling credentials in CI environments; experience with tools such as HashiCorp Vault or similar systems is helpful.
• Comfort collaborating across Product and engineering teams in an asynchronous, distributed environment and communicating technical tradeoffs clearly in writing.
• Ability to review merge requests with a security-first mindset and improve solutions through feedback and iteration.
• Experience debugging production issues, including investigation of security-related behavior and proposing practical fixes.
• Openness to learning adjacent domains and tools, including Go, container security, and software supply chain security; we welcome transferable experience from different technical backgrounds.

About the team

The Pipeline Security team builds features that make GitLab CI pipelines more secure and trustworthy for teams running sensitive workloads. We own key parts of pipeline security within GitLab's CI/CD experience, with our current focus on native secrets management for CI pipelines and Supply-chain Levels for Software Artifacts (SLSA) Level 3 capabilities to strengthen software supply chain security. We work asynchronously across regions and collaborate closely with Product and security partners, using clear design discussions, documented decisions, and iterative delivery across Ruby on Rails and Go.

An overview of this role

As a Staff Engineer on GitLab's Software Composition Analysis team, you'll drive hands-on implementation of security features that help customers understand and manage risks in their software supply chain. Your focus will be on enhancing GitLab's SCA capabilities in dependency scanning and container scanning. You'll work directly on architecture and technical implementation and help the team push forward on three core goals: Gather (introducing data points that help customers understand the urgency of issues, like reachability analysis and supply chain poisoning detection), Integrate (providing other teams with innovative collection techniques for better workflows), and Optimize (solving data correlation at massive scale). You'll contribute hands-on code, help solve novel technical challenges, and establish patterns that improve how the distributed team works together across multiple time zones.

Examples of some future features that you may help build: 
- Dependency scanning for unmanaged C/C++ 
- Dependency Scanning for Yocto environments 
- Vulnerability detection using CPE-based matching against package metadata

What you’ll do

• Implement complex features in dependency scanning and container scanning, shipping improvements that increase scan coverage, improve accuracy, and drive adoption of GitLab's SCA capabilities
• Solve novel technical problems in SCA, establishing reusable patterns that reduce delivery time and improve engineering effectiveness across the team
• Guide architectural and implementation decisions in collaboration with engineering managers, product managers, and peer engineers to improve scalability, reliability, and delivery outcomes across the team's SCA architecture
• Contribute code, design reviews, and technical mentorship that raise quality standards, improve maintainability, and strengthen performance across the codebase
• Collaborate across GitLab's security domain to align SCA work with related efforts in vulnerability management and adjacent product areas, accelerating delivery of shared roadmap goals and improving coordination across related security efforts
• Identify and resolve technical debt, prioritizing changes that improve team velocity, code health, and long-term maintainability across the team's core SCA services
• Translate product needs and customer feedback into technical solutions in partnership with product, UX, and security stakeholders, delivering features that address high-impact customer risks and advance shared roadmap goals

What you’ll bring

• Hands-on experience in Software Composition Analysis and the ability to contribute to complex security features in dependency scanning and container scanning
• Deep hands-on expertise in building and evolving dependency scanning and container scanning analyzers
• Demonstrated ability to design solutions that balance complexity, performance, and maintainability
• Expertise with backend technologies, particularly Go and/or Ruby on Rails, with ability to pick up new technologies quickly
• Familiarity with cloud providers like GCP, CloudFlare, or AWS
• Ability to evaluate technical tradeoffs in SCA and security tooling, with proven success delivering maintainable solutions that help customers manage software supply chain risk
• Ability to work effectively in distributed, async-first teams across multiple time zones
• Experience explaining complex technical and security concepts to engineers and stakeholders

About the team

The Software Composition Analysis team is part of GitLab's Sec Engineering group, and we focus on building capabilities that help customers identify and manage risks in their software supply chain. We work across areas including dependency scanning, container scanning, and license scanning, and we work closely with product, UX, security, and adjacent engineering teams to close important feature gaps in GitLab's platform. Our team members are distributed across regions including Europe and North America, so we rely on clear documentation, asynchronous communication, and thoughtful coordination across time zones. This opportunity is centered on helping us deliver complex security features while balancing hands-on technical progress with strong team execution.

An overview of this role

You'll join GitLab's Software Supply Chain Security stage as the Staff Engineer, Secrets Management, providing technical leadership for GitLab's strategic investment in integrated secrets management. You'll set the technical direction for GitLab Secrets Manager, our OpenBao-powered solution that helps customers securely store, distribute, and manage the lifecycle of secrets used across CI/CD pipelines. This role sits at the intersection of the GitLab platform and the OpenBao open source project: you'll drive architecture decisions for multi-tenant secrets management at scale, guide integration into GitLab, and contribute upstream so we can deliver capabilities customers can trust.

In your first year, your success will look like a clear, scalable architecture for GitLab Secrets Manager, reliable performance that meets GitLab.com needs in partnership with Infrastructure teams, and strong cross-team alignment across Pipeline Security, Authentication, and Platform. You'll also represent GitLab in OpenBao's governance and technical discussions, helping ensure our product direction and upstream contributions reinforce each other.

How we interview

Our process includes technical interviews and stakeholder conversations focused on how you partner across functions and drive alignment.

You should expect questions about how you collaborate with cross-functional partners and communicate tradeoffs in ambiguous, high-impact work.

What you'll do

• Lead the technical strategy for GitLab Secrets Manager, setting architecture direction for secure, multi-tenant secrets management at scale.
• Own the integration between GitLab and OpenBao, including namespaces, authentication mechanisms, and policy management.
• Collaborate with Pipeline Security, Authentication, and Platform teams to propose, review, and deliver cross-team secrets management improvements.
• Partner with GitLab.com Infrastructure teams to ensure secrets management meets reliability, performance, and operational requirements.
• Represent GitLab in the OpenBao open source project by contributing features upstream, participating in technical steering discussions, and maintaining strong technical credibility.
• Mentor and advise engineers on secrets management, cryptographic systems, and secure architecture patterns, raising the quality and consistency of designs and implementations.
• Interface with engineering managers and senior leadership to scope initiatives, clarify tradeoffs, and unblock delivery across teams.
• Engage with customers and external stakeholders to understand real-world needs and communicate GitLab's secrets management capabilities and roadmap direction.

What you'll bring

• Experience designing and operating secrets management systems (for example, HashiCorp Vault, OpenBao, or cloud-native offerings), including secure storage, access control, and audit logging.
• Ability to lead architecture decisions for resilient, multi-tenant services that handle secrets operations at scale, including high availability and cluster management patterns.
• Working knowledge of cryptographic and key management concepts, such as encryption in transit and at rest, key derivation, and hardware security module (HSM) or PKCS#11 integrations.
• Experience implementing authentication and authorization integrations, such as JSON Web Token (JWT) or OpenID Connect (OIDC), mutual Transport Layer Security (mTLS), and certificate-based authentication.
• Proficiency building product integrations in Go (within the OpenBao or Vault ecosystem) and Ruby on Rails for GitLab platform integration.
• Experience contributing to open source projects and working effectively with distributed governance, balancing upstream needs with product requirements.
• Demonstrated ability to operate with high autonomy, drive strategy, and serve as a trusted partner to senior leaders (including constructively challenging assumptions and tradeoffs).
• Strong communication and collaboration skills to influence across teams and levels, including mentoring engineers and working in a fully remote, asynchronous environment.

About the team

The Secrets Management team sits within the Pipeline Security group in GitLab's Software Supply Chain Security stage. We own GitLab Secrets Manager, an OpenBao-powered capability that helps teams securely store, distribute, and manage the lifecycle of secrets used across continuous integration and continuous delivery (CI/CD) pipelines. The team works closely with Authentication, Authorization, Compliance, and Platform counterparts to deliver secure defaults, reliable operations for GitLab.com, and product-grade integration between GitLab and OpenBao (including namespaces, authentication, and policy management). Our core challenge is building multi-tenant secrets management at scale while balancing upstream open source collaboration with the needs of GitLab customers.