[Remote] Engineering Manager, Software Supply Chain Security: Pipeline Security
Note: The job is a remote job and is open to candidates in USA. GitLab is the intelligent orchestration platform for DevSecOps, enabling organizations to improve developer productivity and reduce security risks. The Engineering Manager will lead a team focused on enhancing the security of CI pipelines and implementing software supply chain security features.ResponsibilitiesLead a team of engineers building Software Supply Chain Security features with a focus on CI job artifact securityGuide the design and implementation of SLSA (Supply-chain Levels for Software Artifacts) compliance within GitLab CI/CD pipelinesCollaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security capabilitiesPartner with Security team members to ensure new and existing features meet GitLab’s security standards and align with best practicesStay current with software supply chain security standards and tools, including SLSA, SBOM, software composition analysis, and vulnerability management. Translate what you learn into actionable product improvementsEducate and advocate for supply chain security best practices across engineering teams to drive adoption of secure patterns in CI pipelinesRepresent the Pipeline Security team in cross-functional initiatives and, when appropriate, in external industry forums focused on software supply chain securityDrive continuous improvement in team health, delivery predictability, and documentation quality for pipeline and supply chain security featuresSkillsExperience leading and developing engineering teams, with a focus on building secure, reliable product featuresPractical knowledge of software supply chain security concepts, tools, and industry standardsUnderstanding of the SLSA (Supply-chain Levels for Software Artifacts) framework and how to apply it in CI/CD pipelinesFamiliarity with software artifact provenance, attestation, and verification techniquesKnowledge of secure software development practices, including container security, software composition analysis, and vulnerability managementExperience working with CI/CD systems and their security considerationsAbility to collaborate effectively with product management, security, and other cross-functional partners, and to advocate for supply chain security best practicesOpenness to learning new technologies and approaches, with transferable skills from related security, infrastructure, or software engineering domainsBenefitsBenefits to support your health, finances, and well-beingFlexible Paid Time OffTeam Member Resource GroupsEquity Compensation & Employee Stock Purchase PlanGrowth and Development FundParental LeaveCompany OverviewGitLab is a web-based Git repository manager that offers a variety of features for software development teams. It was founded in 2014, and is headquartered in San Francisco, California, USA, with a workforce of 1001-5000 employees. Its website is http://about.gitlab.com.