Engineering Manager, Software Supply Chain Security: Pipeline Security

Airtm

United States

Remote

USD 131,000 - 282,000

Full time

Yesterday

Job summary

An innovative company is seeking an Engineering Manager to lead a team focused on Software Supply Chain Security. In this role, you will oversee the development of features that enhance CI job artifact security and ensure compliance with industry standards like SLSA. Your leadership will foster a culture of security best practices and continuous improvement, impacting thousands of organizations. This position offers a remote, flexible work environment and a commitment to professional growth, making it an exciting opportunity for those passionate about security in software development.

Benefits

Flexible Paid Time Off
Equity Compensation & Employee Stock Purchase Plan
Growth and Development Fund
Parental leave
Home office support

Qualifications

  • Experience with software supply chain security concepts and tools.
  • Knowledge of secure software development practices and CI/CD security considerations.

Responsibilities

  • Lead a team developing features for Software Supply Chain Security.
  • Guide the integration of SLSA compliance into GitLab CI/CD pipelines.

Skills

Software Supply Chain Security
SLSA Framework
CI/CD Systems
Secure Software Development
Container Security
Vulnerability Management
Artifact Provenance

Job description

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab.

Thanks to products like Duo Enterprise and Duo Workflow, customers benefit from AI at every stage of the SDLC. The principles built into our products are reflected in our work: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organization.

An overview of this role

The Engineering Manager specializes in managing people, with a focus on Software Supply Chain Security. This role will lead a team developing features within the Software Supply Chain Security stage, primarily focused on CI job artifact security via the SLSA compliance framework. Engineering Managers at GitLab view their team as their product. While technically credible, their time is spent safeguarding team health, hiring top talent, and enabling success. They own product delivery and seek continuous productivity improvements. They also coordinate across departments to meet collaborative goals.

This role extends the Engineering Manager position.

What You’ll Do

  • Lead a team developing features for Software Supply Chain Security, focusing on CI job artifact security
  • Guide the integration of SLSA compliance into GitLab CI/CD pipelines
  • Collaborate with Product Managers to define and prioritize Supply Chain Security features
  • Stay updated on industry standards like SLSA, SBOM, and vulnerability management
  • Partner with Security teams to ensure features meet security standards
  • Advocate for supply chain security best practices across GitLab
  • Represent GitLab in industry forums on software supply chain security

What You’ll Bring

  • Experience with software supply chain security concepts and tools
  • Understanding of the SLSA framework and its application in CI/CD
  • Knowledge of artifact provenance, attestation, and verification techniques
  • Knowledge of secure software development practices
  • Experience with CI/CD systems and security considerations
  • Understanding of container security concepts
  • Familiarity with software composition analysis and vulnerability management
  • Experience implementing SLSA compliance in production environments is a plus

Performance Indicators

Additional metrics include:

  • Successful SLSA framework implementation in GitLab CI/CD
  • Adoption rate of security features by users
  • Reduction in CI artifact vulnerabilities
  • Team velocity on security feature development
  • Integration with other GitLab security features
  • Community engagement on GitLab's security capabilities
  • Quality of security documentation

About the team

The Pipeline Security team focuses on making CI pipelines more secure, currently working on native secrets management and SLSA L3 compliance, impacting thousands of organizations.

You can learn more about our team here.

How GitLab will support you

We welcome candidates with varying experience levels; many successful applicants do not meet all requirements. We also encourage underrepresented groups to apply, even if they do not meet every qualification. If you're excited about this role, please apply and let our recruiters assess your fit.

The base salary range for this role in listed locations is $131,600 - $282,000 USD, determined by experience, skills, and market data. Salary and benefits details are available on our benefits and equity pages. Sales roles may include incentive pay up to 100% of the base salary.
