IT Engineering

1. You are here:
2. IT Business Technology
3. Information Technology (IT) Department
4. IT Engineering

On this page

• Overview
• How We Work
• Team
• Problems We Solve

Overview

The IT Engineering sub-department is focused on designing, developing, and implementing automation efficiencies using software and systems to improve GitLab's business processes, software systems, and cloud infrastructure. Our team members have one or more specialties that they focus on.

Access Management and Single-Sign On (SSO)

Handbook Page

The IT Engineering team implements Okta SSO for our tech stack applications. You can learn more on the Okta handbook page.

The IT Support team handles access requests for the tech stack applications that IT manages. All access requests are created in the same issue tracker project, regardless of which System Owner is responsible for provisioning your user account.

The IT Development team also focuses on Identity and Access Management (IAM) and Role-Based Access Control (RBAC) automation. We are developing GitLab Access Manager (GLAM), a custom application that will replace access request issues and manual provisioning with a streamlined custom web UI and API integration with most of our tech stack applications for user and role provisioning.

Change Management

Handbook Page

IT Development

Handbook Page

The IT Engineering Development team develops custom software applications, automation, APIs and integrations that support internal IT automation for business efficiency and processes managed by the IT department.

Many of our projects focus on providing self service access request provisioning to our tech stack applications and supporting IT Infrastructure services including the Demo Systems and Sandbox Cloud.

We are in the process of creating GitLab Access Manager (GLAM) to provide the next-generation of access request automation across most of our tech stack applications.

IT Infrastructure

Handbook Page
Issue Tracker

The IT Infrastructure team manages AWS and GCP infrastructure that is not related to GitLab.com SaaS production infrastructure and provide managed infrastructure services for other departments, including most ephemeral sandbox infrastructure needs across the company. We also handle access requests for cloud infrastructure and DNS/domain name requests.

We collaborate with the Reliability Engineering (SRE) and Infrastructure Security teams to provide Infrastructure Shared Services for all AWS, Azure, and GCP related requests and support across the organization.

We also provide escalation engineering and triage support for the Security Incident Response Team ("SIRT") and Security Red Team when security anomalies, events, or incidents require AWS/GCP subject matter expertise.

Our focus is on organizational policy management, access request provisioning, and services that are outside of the Reliability Engineering scope of hosting the Gitlab.com SaaS service, such as the provisioning of demo/sandbox/test infrastructure for team members.

The Demo Systems provide an always-on shared sandbox environment for demo and experimental use cases that aren't intended for or supported on GitLab.com and don't need dedicated infrastructure to be provisioned for your use case.

The GitLab Sandbox Cloud, powered by HackyStack, automates the provisioning of AWS accounts, AWS IAM users, GCP projects, and GCP users. This has allowed us to automate a large portion of our AWS and GCP access requests.

Project Management

Handbook Page
How We Work
How We Work - Labels

Tech Stack Application Implementation and Support

Handbook Page

We provide implementation engineering and support for 3rd party tech stack applications that are managed by Business Technology and other non-engineering departments. We usually classify this work as "Engineering Operations" (EngOps).

How We Work

See the How We Work, Project Management, and Labels page.

Team

Name	Role	Focus Areas (Specialties)
Peter Kaldis	Manager, IT Engineering	Access Management, Okta, Google, Project Management, Stakeholder Collaboration
Jeff Martin	Senior IT Systems Engineer	Development, Engineering Mgmt, Infrastructure, Demo Systems, Security, Support
Marcus Whitaker	Senior IT Systems Engineer	Access Management, Okta, Operations
Dillon Wheeler	IT Systems Engineer	Development, Google, Security
Mohammed Al Kobaisy	IT Systems Administrator	Infrastructure, Operations, Support

Problems We Solve

Business Technology has several Engineering teams in different sub-departments that focus on a specialty area of functions typically handled by an IT organization. There are additional System Administrators / System Owners in other departments that manage the tech stack applications specific to their department or team.

Department/Group	High-Level Problems to Solve
IT Infrastructure Handbook Page	How do users get access to AWS and GCP and how do we properly secure our infrastructure for accounts, projects, resources, etc. outside of GitLab.com SaaS? We have an Infrastructure Shared Services stable counterpart working group in collaboration with Engineering Infrastructure Reliability Engineering and Engineering Infrastructure Security. We publish our collective architecture, guidance, and policies in the handbook in Infrastructure Standards. The IT Infrastructure team is the DRI for IAM/RBAC and sandbox infrastructure that has mostly been automated with the GitLab Sandbox Cloud.
IT Access Management Engineering Handbook Page	How do users get access to tech stack applications and how can we streamline access request approvals, audit users least privilege access, and automate the provisioning and deprovisioning of their user account / role(s) / group(s) / etc? (IAM/RBAC focus) GitLab Access Manager is a custom built full stack application built by the GitLab IT Engineering team that provides a user interface ("UI") for team members, managers, access approvers, audit reviewers, and IT administrators to centrally approve and manage role-based access to the directory of tech stack applications ("SaaS providers").
IT Engineering Operations ("EngOps") Issue Tracker	How do we enable team members to get help with integrating tech stack applications with Google, Okta SSO, Slack integration, etc?
Enterprise Applications Integrations Engineering Handbook Page	How do we create data transfer and workflow automation integrations between business critical SSOT and financial tech stack applications that are streamlined with high data integrity?
Data Team Handbook Page	How do we get analytics and data insights from our tech stack applications and make it available to team members (ex. SiSense) to make more informed data-driven decisions?