GitLab - Engineering Manager, Software Supply Chain Security: Pipeline Security
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Experience leading and developing engineering teams, with a focus on building secure, reliable product features. • Practical knowledge of software supply chain security concepts, tools, and industry standards. • Understanding of the SLSA (Supply-chain Levels for Software Artifacts) framework and how to apply it in CI/CD pipelines. • Familiarity with software artifact provenance, attestation, and verification techniques. • Knowledge of secure software development practices, including container security, software composition analysis, and vulnerability management. • Experience working with CI/CD systems and their security considerations. • Ability to collaborate effectively with product management, security, and other cross-functional partners, and to advocate for supply chain security best practices. • Openness to learning new technologies and approaches, with transferable skills from related security, infrastructure, or software engineering domains. • Our Pipeline Security team is a globally distributed group of engineers who collaborate asynchronously across time zones. We're focused on building Software Supply Chain Security features into the core GitLab platform, with current priorities including native secrets management for CI pipelines, artifact provenance and verification, and achieving SLSA Level 3 compliance. We partner closely with Product, Security, and other stage groups to design and implement these capabilities. We value clear communication, thorough documentation, and making new features straightforward for users to adopt. • The base salary range for this role’s listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.
Responsibilities
• Lead a team of engineers building Software Supply Chain Security features with a focus on CI job artifact security. • Guide the design and implementation of SLSA (Supply-chain Levels for Software Artifacts) compliance within GitLab CI/CD pipelines. • Collaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security capabilities. • Partner with Security team members to ensure new and existing features meet GitLab’s security standards and align with best practices. • Stay current with software supply chain security standards and tools, including SLSA, SBOM, software composition analysis, and vulnerability management. Translate what you learn into actionable product improvements. • Educate and advocate for supply chain security best practices across engineering teams to drive adoption of secure patterns in CI pipelines. • Represent the Pipeline Security team in cross-functional initiatives and, when appropriate, in external industry forums focused on software supply chain security. • Drive continuous improvement in team health, delivery predictability, and documentation quality for pipeline and supply chain security features.
Benefits
• $131,600 - $282,000 USD • How GitLab will support you • Benefits to support your health, finances, and well-being • Flexible Paid Time Off • Team Member Resource Groups • Equity Compensation & Employee Stock Purchase Plan • Growth and Development Fund • Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application. • Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process. • Country Hiring Guidelines:
No credit card. Takes 10 seconds.