Engineering Manager, Software Supply Chain Security – Pipeline Security

GitLab

full-time

Posted on:

Location Type: Remote

Location: Remote • 🇺🇸 United States

Salary

💰 $131,600 - $282,000 per year

Job Level

Mid-Level, Senior

About the role

  • Lead a team of engineers building Software Supply Chain Security features with a focus on CI job artifact security.
  • Guide the design and implementation of SLSA (Supply-chain Levels for Software Artifacts) compliance within GitLab CI/CD pipelines.
  • Collaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security capabilities.
  • Partner with Security team members to ensure new and existing features meet GitLab’s security standards and align with best practices.
  • Stay current with software supply chain security standards and tools, including SLSA, SBOM, software composition analysis, and vulnerability management. Translate what you learn into actionable product improvements.
  • Educate and advocate for supply chain security best practices across engineering teams to drive adoption of secure patterns in CI pipelines.
  • Represent the Pipeline Security team in cross-functional initiatives and, when appropriate, in external industry forums focused on software supply chain security.
  • Drive continuous improvement in team health, delivery predictability, and documentation quality for pipeline and supply chain security features.

Requirements

  • Experience leading and developing engineering teams, with a focus on building secure, reliable product features.
  • Practical knowledge of software supply chain security concepts, tools, and industry standards.
  • Understanding of the SLSA (Supply-chain Levels for Software Artifacts) framework and how to apply it in CI/CD pipelines.
  • Familiarity with software artifact provenance, attestation, and verification techniques.
  • Knowledge of secure software development practices, including container security, software composition analysis, and vulnerability management.
  • Experience working with CI/CD systems and their security considerations.
  • Ability to collaborate effectively with product management, security, and other cross-functional partners, and to advocate for supply chain security best practices.
  • Openness to learning new technologies and approaches, with transferable skills from related security, infrastructure, or software engineering domains.

Benefits

  • Benefits to support your health, finances, and well-being
  • Flexible Paid Time Off
  • Team Member Resource Groups
  • Equity Compensation & Employee Stock Purchase Plan
  • Growth and Development Fund
  • Parental leave
  • Home office support

Applicant Tracking System Keywords

Hard skills
SLSA, software supply chain security, CI/CD, software composition analysis, vulnerability management, container security, software artifact provenance, attestation techniques, verification techniques, secure software development practices
Soft skills
team leadership, collaboration, advocacy, communication, cross-functional partnership, continuous improvement, product management collaboration, educational skills, organizational skills, delivery predictability