Engineering Manager, Software Supply Chain Security: Pipeline Security
Used Tools & Technologies
Not specified
Required Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 3
Software Development @ 3
CI/CD @ 3
Hiring @ 3
Communication @ 3
Product Management @ 3
Compliance @ 3
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
GitLab is an open-core software company building an AI-powered DevSecOps platform used by more than 100,000 organizations. The Engineering Manager, Software Supply Chain Security: Pipeline Security will lead a team making GitLab CI pipelines more secure and trustworthy for thousands of organizations. The role focuses on CI job artifact security, implementing SLSA compliance in GitLab CI/CD, and integrating related capabilities such as SBOM, software composition analysis, and vulnerability management. The manager will treat the team as their product—safeguarding team health, hiring and developing engineers, and collaborating closely with Product Management and Security to deliver roadmap commitments.
Responsibilities
- Lead a team of engineers building Software Supply Chain Security features with a focus on CI job artifact security.
- Guide the design and implementation of SLSA (Supply-chain Levels for Software Artifacts) compliance within GitLab CI/CD pipelines.
- Collaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security capabilities.
- Partner with Security team members to ensure new and existing features meet GitLab’s security standards and align with best practices.
- Stay current with software supply chain security standards and tools (including SLSA, SBOM, software composition analysis, and vulnerability management) and translate learnings into product improvements.
- Educate and advocate for supply chain security best practices across engineering teams to drive adoption of secure patterns in CI pipelines.
- Represent the Pipeline Security team in cross-functional initiatives and, when appropriate, in external industry forums focused on software supply chain security.
- Drive continuous improvement in team health, delivery predictability, and documentation quality for pipeline and supply chain security features.
Requirements
- Experience leading and developing engineering teams, focusing on building secure, reliable product features.
- Practical knowledge of software supply chain security concepts, tools, and industry standards.
- Understanding of the SLSA framework and how to apply it in CI/CD pipelines.
- Familiarity with software artifact provenance, attestation, and verification techniques.
- Knowledge of secure software development practices, including container security, software composition analysis, and vulnerability management.
- Experience working with CI/CD systems and their security considerations.
- Ability to collaborate effectively with product management, security, and other cross-functional partners, and to advocate for supply chain security best practices.
- Openness to learning new technologies and approaches, with transferable skills from related security, infrastructure, or software engineering domains.
Example projects (from the posting)
- Developing a native secrets management system for GitLab CI pipelines.
- Implementing SLSA Level 3 compliance features for CI job artifacts.
About the team
The Pipeline Security team is a globally distributed group of engineers collaborating asynchronously across time zones. The team focuses on building Software Supply Chain Security features into the core GitLab platform, with priorities including native secrets management for CI pipelines, artifact provenance and verification, and achieving SLSA Level 3 compliance. The team partners closely with Product, Security, and other groups and values clear communication, thorough documentation, and making new features straightforward for users to adopt.
Compensation
- United States base salary range for this role: $131,600 - $282,000 USD (base salary range applies to residents of the United States and does not include bonuses, equity, or benefits).
How GitLab will support you / Benefits
- Benefits to support health, finances, and well-being.
- Flexible Paid Time Off.
- Team Member Resource Groups.
- Equity Compensation & Employee Stock Purchase Plan.
- Growth and Development Fund.
- Parental leave.
- Home office support.
Notes
- GitLab embraces AI as a core productivity multiplier and expects team members to incorporate AI into daily workflows.
- GitLab hires in countries around the world; roles are remote but may carry location-based eligibility requirements. Talent Acquisition can answer location questions during recruiting.
- GitLab is an equal opportunity employer and provides accommodations during the recruiting process if needed.