Engineering Manager, Software Supply Chain Security: Pipeline Security

GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100* trust GitLab to ship better, more secure software faster.The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.*Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab.An overview of this roleAs the Engineering Manager, Software Supply Chain Security: Pipeline Security, you’ll lead a team that makes GitLab CI pipelines more secure and trustworthy for thousands of organizations. You’ll guide the design and delivery of Software Supply Chain Security features, with a primary focus on CI job artifact security. This includes implementing the SLSA (Supply-chain Levels for Software Artifacts) framework in GitLab CI/CD and integrating related capabilities like SBOM, software composition analysis, and vulnerability management. You’ll treat your team as your product, safeguarding team health, hiring and developing a high-performing group of engineers, and collaborating closely with Product Management and Security to deliver on roadmap commitments. Together, you’ll improve how users protect their software supply chains in their first year and beyond.Some examples of our projects:Developing a native secrets management system for GitLab CI pipelinesImplementing SLSA Level 3 compliance features for CI job artifactsWhat you’ll doLead a team of engineers building Software Supply Chain Security features with a focus on CI job artifact security.Guide the design and implementation of SLSA (Supply-chain Levels for Software Artifacts) compliance within GitLab CI/CD pipelines.Collaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security capabilities.Partner with Security team members to ensure new and existing features meet GitLab’s security standards and align with best practices.Stay current with software supply chain security standards and tools, including SLSA, SBOM, software composition analysis, and vulnerability management. Translate what you learn into actionable product improvements.Educate and advocate for supply chain security best practices across engineering teams to drive adoption of secure patterns in CI pipelines.Represent the Pipeline Security team in cross-functional initiatives and, when appropriate, in external industry forums focused on software supply chain security.Drive continuous improvement in team health, delivery predictability, and documentation quality for pipeline and supply chain security features.What you’ll bringExperience leading and developing engineering teams, with a focus on building secure, reliable product features.Practical knowledge of software supply chain security concepts, tools, and industry standards.Understanding of the SLSA (Supply-chain Levels for Software Artifacts) framework and how to apply it in CI/CD pipelines.Familiarity with software artifact provenance, attestation, and verification techniques.Knowledge of secure software development practices, including container security, software composition analysis, and vulnerability management.Experience working with CI/CD systems and their security considerations.Ability to collaborate effectively with product management, security, and other cross-functional partners, and to advocate for supply chain security best practices.Openness to learning new technologies and approaches, with transferable skills from related security, infrastructure, or software engineering domains.About the teamOur Pipeline Security team is a globally distributed group of engineers who collaborate asynchronously across time zones. We're focused on building Software Supply Chain Security features into the core GitLab platform, with current priorities including native secrets management for CI pipelines, artifact provenance and verification, and achieving SLSA Level 3 compliance. We partner closely with Product, Security, and other stage groups to desi