
Engineering Manager, Software Supply Chain Security: Pipeline Security

GitLab


full-time | Posted: Dec 18, 2025

Job Description

About this Role

Lead a high-impact team at GitLab, pioneering Software Supply Chain Security to fortify CI pipelines for thousands of organizations worldwide.

Drive the mission to empower everyone to contribute to software that powers our world, accelerating human progress through secure DevSecOps.

Guide the design and delivery of cutting-edge features like SLSA framework integration, making GitLab CI/CD pipelines trustworthy and compliant.

Spearhead innovations in CI job artifact security, including SBOM, software composition analysis, and vulnerability management.

Treat your team as your ultimate product, fostering health, hiring top talent, and developing engineers who deliver exceptional results.

Collaborate with Product Management and Security experts to execute a roadmap that redefines supply chain security standards.

Join a globally distributed team embracing AI as a productivity multiplier, integrating it into daily workflows for efficiency and innovation.

Thrive in a high-performance culture where values drive continuous knowledge exchange and every voice shapes the future.

Tackle exciting projects like native secrets management and SLSA Level 3 compliance, influencing industry best practices.

Co-create the future of secure software development, where your leadership accelerates careers and breaks down barriers to innovation.

Locations

  • United States (Remote)

Salary

Salary details available upon request

Estimated Salary Range (medium confidence)

280,000 - 450,000 USD / yearly

Source: AI estimated

* This is an estimated range based on market data and may vary based on experience and qualifications.

Skills Required

  • SLSA (Supply-chain Levels for Software Artifacts) framework (intermediate)
  • CI/CD pipelines and GitLab CI (intermediate)
  • Software Bill of Materials (SBOM) (intermediate)
  • Software composition analysis (intermediate)
  • Vulnerability management (intermediate)
  • Artifact provenance and attestation (intermediate)
  • Container security (intermediate)
  • Secrets management in CI pipelines (intermediate)
  • Secure software development practices (intermediate)
  • Cross-functional collaboration tools (intermediate)

Required Qualifications

  • Experience leading and developing engineering teams focused on secure, reliable product features. (experience)
  • Practical knowledge of software supply chain security concepts, tools, and industry standards. (experience)
  • Understanding of the SLSA framework and its application in CI/CD pipelines. (experience)
  • Familiarity with software artifact provenance, attestation, and verification techniques. (experience)
  • Knowledge of secure software development practices including container security. (experience)
  • Expertise in software composition analysis and vulnerability management. (experience)
  • Experience working with CI/CD systems and their security considerations. (experience)
  • Ability to collaborate effectively with product management and security partners. (experience)
  • Skill in advocating for supply chain security best practices across teams. (experience)
  • Openness to learning new technologies with transferable skills from security or engineering domains. (experience)

Preferred Qualifications

  • Deep expertise in implementing SLSA compliance at higher levels. (experience)
  • Hands-on experience with SBOM generation and management tools. (experience)
  • Background in native secrets management systems for CI pipelines. (experience)
  • Proven track record in artifact security and verification in production environments. (experience)
  • Familiarity with AI integration in security workflows. (experience)
  • Experience representing teams in external industry forums. (experience)
  • Strong focus on team health and delivery predictability metrics. (experience)
  • Knowledge of GitLab's platform and DevSecOps ecosystem. (experience)
  • Skills in asynchronous collaboration across distributed teams. (experience)
  • History of driving documentation quality improvements in engineering teams. (experience)

Responsibilities

  • Lead a team of engineers building Software Supply Chain Security features focused on CI job artifact security.
  • Guide the design and implementation of SLSA compliance within GitLab CI/CD pipelines.
  • Collaborate with Product Managers to define, prioritize, and deliver the security roadmap.
  • Partner with the Security team to ensure features meet GitLab’s standards and best practices.
  • Stay current with supply chain security standards like SLSA, SBOM, and vulnerability management.
  • Translate industry learnings into actionable product improvements.
  • Educate engineering teams on supply chain security best practices for CI pipelines.
  • Represent the Pipeline Security team in cross-functional initiatives and industry forums.
  • Drive continuous improvement in team health and delivery predictability.
  • Enhance documentation quality for pipeline and supply chain security features.

Benefits

  • general: Competitive base salary with transparency in pay ranges.
  • general: Equity compensation and Employee Stock Purchase Plan.
  • general: Comprehensive benefits supporting health, finances, and well-being.
  • general: Flexible Paid Time Off policy.
  • general: Team Member Resource Groups for inclusion and belonging.
  • general: Growth and Development Fund for professional advancement.
  • general: Generous parental leave.
  • general: Home office support and equipment.
  • general: All-remote work environment.
  • general: Opportunities for career acceleration in a high-performance culture.


Tags & Categories

Sec Engineering, Technology, Software
