Engineering Manager, Software Supply Chain Security: Pipeline Security at Canonical
Job Description
About GitLab
GitLab builds a comprehensive AI-powered DevSecOps platform used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers the world. The platform unites teams, reduces barriers, and delivers AI-driven benefits across the software development lifecycle. We embrace AI as a productivity multiplier and expect team members to incorporate AI into daily workflows to drive efficiency, innovation, and impact.
Overview
As the Engineering Manager for Software Supply Chain Security - Pipeline Security, you will lead a team that makes GitLab CI pipelines more secure and trustworthy for thousands of organizations. You will guide the design and delivery of supply chain security features, with a strong focus on CI job artifact security and SLSA implementation. You will hire, coach, and develop a high-performing engineering team while partnering closely with Product Management and Security to deliver roadmap commitments.
Key responsibilities
- Lead a team of engineers building software supply chain security features, focusing on CI job artifact security.
- Guide design and implementation of SLSA compliance within GitLab CI/CD pipelines, including SBOM and software composition analysis integrations.
- Collaborate with Product Managers to define, prioritize, and deliver roadmap items for supply chain security capabilities.
- Partner with Security to ensure new and existing features meet GitLab security standards and best practices.
- Drive adoption of secure CI/CD patterns by educating engineering teams and advocating for supply chain security best practices.
- Represent the Pipeline Security team in cross-functional initiatives and external forums when appropriate.
- Improve team health, delivery predictability, documentation quality, and operational practices for pipeline and supply chain security features.
Requirements and qualifications
- Proven experience leading and developing engineering teams, with strong delivery and people management skills.
- Practical knowledge of software supply chain security concepts, standards, and tools, including SLSA, SBOM, artifact provenance, attestation, and verification.
- Familiarity with CI/CD systems and their security considerations, and experience translating standards into product features.
- Understanding of container security, software composition analysis, and vulnerability management techniques.
- Ability to collaborate across Product, Security, and other engineering teams to deliver secure, usable capabilities.
- Openness to learn new technologies and apply transferable skills from related security, infrastructure, or software domains.
Team
The Pipeline Security team is a globally distributed group of engineers working asynchronously across time zones. The team focuses on building supply chain security features into GitLab, including native secrets management for CI pipelines, artifact provenance and verification, and progress toward SLSA Level 3 compliance. You will partner closely with Product, Security, and other stage groups.
Compensation
United States Salary Range: $131,600 - $282,000 USD. This range applies to residents of the United States and reflects base salary for the role and level. The base salary does not include bonuses, equity, or benefits.
How GitLab will support you
- Benefits to support health, finances, and well-being.
- Flexible paid time off.
- Team Member Resource Groups and development resources.
- Equity compensation and Employee Stock Purchase Plan.
- Growth and Development Fund.
- Parental leave.
- Home office support.
Location and hiring guidelines
This is a remote role. GitLab hires team members in countries around the world, though some roles may carry location-based eligibility requirements. The Talent Acquisition team can answer location questions during recruitment.
Equal opportunity and accommodations
GitLab is an equal opportunity workplace. Recruitment and employment decisions are based solely on merit. If you require an accommodation during the recruiting process, please let us know.
How to apply
Apply online through the job board by completing the application and attaching your resume in an accepted format.
About Canonical
Canonical Ltd. is a privately held software company based in London, England. Founded in 2004 by Mark Shuttleworth, Canonical is best known for developing Ubuntu, the world's most popular open-source operating system. The company offers a range of open-source solutions, including cloud infrastructure, edge computing, and AI tools, serving enterprises globally.