Engineering Manager, Software Supply Chain Security: Pipeline Security at GitLab
Job Description
About GitLab
GitLab builds an AI-powered DevSecOps platform used by over 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers the world. The platform unites teams, removes barriers, and delivers AI-driven benefits across the software development lifecycle. We embrace AI as a productivity multiplier and expect team members to incorporate AI into daily workflows to increase efficiency and impact.
Overview
As the Engineering Manager for Software Supply Chain Security - Pipeline Security, you will lead a team focused on making GitLab CI pipelines more secure and trustworthy for thousands of organizations. You will own delivery for supply chain security features, with a focus on CI job artifact security, SLSA implementation, SBOM integration, software composition analysis, and vulnerability management. You will hire, coach, and grow a high-performing engineering team while partnering closely with Product Management and Security to deliver the roadmap.
Key responsibilities
- Lead and manage a team of engineers building software supply chain security capabilities, prioritizing team health, delivery predictability, and documentation quality.
- Guide design and implementation of SLSA (Supply-chain Levels for Software Artifacts) compliance within GitLab CI/CD pipelines, and integrate related features such as SBOM and software composition analysis.
- Collaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security functionality.
- Partner with the Security team to ensure features meet GitLab security standards and follow best practices for artifact provenance, attestation, and verification.
- Educate and advocate for supply chain security best practices across engineering teams to drive adoption of secure CI/CD patterns.
- Represent the Pipeline Security team in cross-functional initiatives and external industry forums when appropriate.
- Drive continuous improvement in team processes, delivery quality, and operational practices for pipeline and supply chain security features.
What you’ll bring
- Proven experience leading and developing engineering teams, with a strong track record of delivering reliable, secure product features.
- Practical knowledge of software supply chain security concepts, standards, and tools, including SLSA, SBOM, and software composition analysis.
- Familiarity with CI/CD systems and their security considerations, and the ability to translate standards into usable product features.
- Understanding of container security, software composition analysis, and vulnerability management techniques.
- Ability to collaborate effectively with product management, security, and other cross-functional partners, and to advocate for supply chain security best practices.
- Openness to learn new technologies and apply transferable skills from related security, infrastructure, or software engineering domains.
Team
The Pipeline Security team is a globally distributed group of engineers who collaborate asynchronously across time zones. The team focuses on building supply chain security features into GitLab, including native secrets management for CI pipelines, artifact provenance and verification, and progress toward SLSA Level 3 compliance. You will partner closely with Product, Security, and other stage groups.
Compensation
United States Salary Range: $131,600 - $282,000 USD. This range applies to residents of the United States and reflects base salary for the role and level. The base salary does not include bonuses, equity, or benefits.
How GitLab will support you
- Benefits to support health, finances, and well-being.
- Flexible paid time off.
- Team Member Resource Groups and growth resources.
- Equity compensation and Employee Stock Purchase Plan.
- Growth and Development Fund.
- Parental leave.
- Home office support.
Location and hiring guidelines
This is a remote role. GitLab hires team members in many countries, though some roles may carry location-based eligibility requirements. The Talent Acquisition team can answer questions about location eligibility during recruitment.
Equal opportunity and accommodations
GitLab is an equal opportunity employer. Recruitment and employment decisions are based solely on merit. If you require an accommodation during the recruiting process, please let us know.
How to apply
Apply online through the job board by completing the application and attaching a resume in a supported format. GitLab encourages applicants who are excited about the role to apply even if they do not meet every qualification.
About GitLab
GitLab is a fully remote company that provides a comprehensive DevSecOps platform, enabling organizations to deliver software faster and more securely. Founded in 2011, GitLab serves over 50 million registered users globally, including more than 50% of the Fortune 100 companies.