Staff Product Manager, Software Supply Chain Security

GitLab

Remote

IDR 1.500.250.000 - 2.000.334.000

Full time

Today

Job summary

A leading technology company is seeking a Staff Product Manager for Software Supply Chain Security in Indonesia. This role involves leading the product strategy for a vital new offering aimed at enhancing security in the software supply chain. You’ll be responsible for defining business cases, collaborating with engineering and cross-functional teams, and engaging with customers to understand their needs. Ideal candidates will have strong experience in product management and a deep understanding of software supply chain security concepts. This position is fully remote, offering flexibility to work within a global team.

Qualifications

  • Experience owning complex security products focusing on software supply chain security.
  • Knowledge of concepts such as provenance, attestation, signing, and SLSA.
  • Familiarity with software composition analysis and related tooling.

Responsibilities

  • Lead the end-to-end product strategy for the SSCS add-on.
  • Drive discovery, prioritization, and delivery for security capabilities.
  • Collaborate with cross-functional teams to break down complex concepts.
  • Analyze market trends to inform product positioning.
  • Define and track product success signals and operational metrics.

Skills

Product management experience
Knowledge of software supply chain concepts
Experience with dependency risk
Ability to translate technical topics
Experience collaborating with engineering
Background in security or DevSecOps
Openness to learning new technologies

Job description

GitLab is an open‑core software company developing the most comprehensive AI‑powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co‑create the software that powers our world.

Overview of this role

We are expanding our Software Supply Chain Security (SSCS) offering to address a massive market opportunity: a $3‑8B market with 85% enterprise adoption projected by 2028. Regulatory mandates (EO 14028, EU Cyber Resilience Act) and widespread supply chain attacks have created an urgent need for new security solutions.

As Staff Product Manager for SSCS, you will lead the strategy and delivery of a new product line that secures everything around the code—provenance, attestation, signing and verification, SBOM, malicious package detection, and a dependency firewall. You will own the product pillars, define business cases, and collaborate with engineering, UX, sales, customer success, and support to translate complex concepts like the SLSA framework into customer‑valuable capabilities.

What you’ll do

  • Lead the end‑to‑end product strategy for the SSCS add‑on, defining and evolving the vision across its main pillars.
  • Drive discovery, prioritization, and delivery for capabilities such as dependency firewall, SBOM, malicious package detection, and provenance/attestation.
  • Collaborate with engineering managers and engineers to break down complex security concepts into clear requirements and iterative roadmaps.
  • Partner with cross‑functional stakeholders in sales, customer success, and support to validate demand and enable successful adoption.
  • Engage directly with customers and prospects to explain SSCS and SLSA concepts, gather feedback, and translate it into product improvements.
  • Analyze market trends and competitive offerings to inform positioning and backlog decisions.
  • Define and track product success signals and operational metrics for the SSCS add‑on, using data to guide trade‑offs and communicate outcomes to leadership.
  • Represent the SSCS domain internally as a subject‑matter expert, creating simple visuals, narratives, and documentation to help teams understand the product’s value.

What you’ll bring

  • Product management experience owning complex security products, with a focus on software supply chain security or adjacent areas.
  • Knowledge of software supply chain concepts such as provenance, attestation, signing and verification, and experience with frameworks like SLSA.
  • Experience with dependency risk and software composition analysis (SCA), including scanning, SBOM, and related tooling.
  • Ability to translate highly technical topics into clear, value‑focused narratives for customers and non‑technical stakeholders.
  • Experience collaborating with engineering, UX, and cross‑functional partners to define roadmaps and ship iterative improvements.
  • Background in security, DevSecOps, or developer‑focused products, or transferable experience in similarly technical B2B SaaS domains.
  • Openness to learning new technologies and frameworks in the supply chain security space, and to contributing effectively in a globally distributed, asynchronous team environment.

About the team

The SSCS team builds and maintains capabilities that help GitLab customers establish trust throughout their software delivery pipeline. The team works in an all‑remote, asynchronous way across regions, partnering with other security product teams when supply chain security intersects with their features. Current focus areas include launching the SSCS offering with core capabilities like Dependency Firewall, Build Provenance, and Artifact Signing, targeting Premium and Ultimate customers in regulated industries and positioning SSCS to address regulatory mandates such as EO 14028 and the EU Cyber Resilience Act.

Country Hiring Guidelines

GitLab hires new team members worldwide. All of our roles are remote; however, some roles may carry specific location‑based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.

Equal Employment Opportunity Statement

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex, gender identity, national origin, age, citizenship, marital status, mental or physical disability, or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.
