Staff Product Manager, Software Supply Chain Security
GitLab
Staff Product Manager, Software Supply Chain Security
Job Description
About this Role
Lead the charge in revolutionizing software supply chain security at GitLab, the pioneer of the AI-powered DevSecOps platform.
Empower teams worldwide to contribute and co-create the software that propels human progress forward.
Dive into a $3-8B market exploding with 85% enterprise adoption by 2028, fueled by urgent regulatory demands.
Own the strategy for groundbreaking SSCS pillars like provenance, attestation, SBOM, and dependency firewalls.
Transform complex SLSA frameworks into intuitive capabilities that fortify CI/CD pipelines and registries.
Collaborate with elite engineering and UX teams to deliver differentiated security offerings.
Engage directly with customers to validate business cases and shape the future of secure software delivery.
Thrive in a high-performance culture where AI amplifies innovation and every voice drives impact.
Accelerate your career amid continuous knowledge exchange with industry leaders tackling real-world challenges.
Co-create the future, breaking barriers and redefining what's possible in DevSecOps excellence.
Locations
- United States (Remote)
Salary
Salary details available upon request
280,000 - 450,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Software Supply Chain Security (SSCS)intermediate
- SLSA frameworkintermediate
- SBOM generation and managementintermediate
- Software Composition Analysis (SCA)intermediate
- Dependency scanningintermediate
- Provenance and attestationintermediate
- Signing and verificationintermediate
- Malicious package detectionintermediate
- Dependency firewallintermediate
- CI/CD pipeline securityintermediate
Required Qualifications
- Product management experience owning complex security products (experience)
- Focus on software supply chain security or adjacent areas (experience)
- Knowledge of provenance, attestation, signing, and verification (experience)
- Experience with SLSA framework (experience)
- Experience in dependency risk and software composition analysis (SCA) (experience)
- Familiarity with dependency scanning and SBOM tooling (experience)
- Ability to translate technical topics into value-focused narratives (experience)
- Experience collaborating with engineering and UX partners (experience)
- Background in security, DevSecOps, or developer-focused products (experience)
- Openness to learning new technologies in a distributed team (experience)
Preferred Qualifications
- Deep expertise in regulatory mandates like EO 14028 (experience)
- Experience with malicious package detection systems (experience)
- Knowledge of competitive SCA and supply chain tools (experience)
- Proven track record in B2B SaaS product launches (experience)
- Skills in defining product success metrics (experience)
- Background in federal or regulated industry sales (experience)
- Experience creating visuals and narratives for stakeholders (experience)
- Familiarity with asynchronous global team collaboration (experience)
- History of driving iterative product improvements (experience)
- Understanding of AI integration in security workflows (experience)
Responsibilities
- Lead end-to-end product strategy for SSCS add-on
- Drive discovery and prioritization of capabilities like SBOM and dependency firewall
- Collaborate with engineers to define requirements and roadmaps
- Partner with sales, customer success, and support stakeholders
- Engage customers to explain SSCS and gather feedback
- Analyze market trends and competitive offerings
- Define and track product success metrics
- Represent SSCS as subject matter expert internally
- Create visuals, narratives, and documentation for teams
- Validate business cases and shape product offerings
Benefits
- general: Comprehensive health, dental, and vision insurance
- general: Flexible Paid Time Off policy
- general: Team Member Resource Groups for belonging
- general: Equity Compensation and Employee Stock Purchase Plan
- general: Growth and Development Fund
- general: Generous Parental Leave
- general: Home office equipment support
- general: Mental health and well-being programs
- general: Professional development opportunities
- general: Inclusive equal opportunity workplace culture
Tags & Categories
Staff Product Manager, Software Supply Chain Security
GitLab
Staff Product Manager, Software Supply Chain Security
Job Description
About this Role
Lead the charge in revolutionizing software supply chain security at GitLab, the pioneer of the AI-powered DevSecOps platform.
Empower teams worldwide to contribute and co-create the software that propels human progress forward.
Dive into a $3-8B market exploding with 85% enterprise adoption by 2028, fueled by urgent regulatory demands.
Own the strategy for groundbreaking SSCS pillars like provenance, attestation, SBOM, and dependency firewalls.
Transform complex SLSA frameworks into intuitive capabilities that fortify CI/CD pipelines and registries.
Collaborate with elite engineering and UX teams to deliver differentiated security offerings.
Engage directly with customers to validate business cases and shape the future of secure software delivery.
Thrive in a high-performance culture where AI amplifies innovation and every voice drives impact.
Accelerate your career amid continuous knowledge exchange with industry leaders tackling real-world challenges.
Co-create the future, breaking barriers and redefining what's possible in DevSecOps excellence.
Locations
- United States (Remote)
Salary
Salary details available upon request
280,000 - 450,000 USD / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- Software Supply Chain Security (SSCS)intermediate
- SLSA frameworkintermediate
- SBOM generation and managementintermediate
- Software Composition Analysis (SCA)intermediate
- Dependency scanningintermediate
- Provenance and attestationintermediate
- Signing and verificationintermediate
- Malicious package detectionintermediate
- Dependency firewallintermediate
- CI/CD pipeline securityintermediate
Required Qualifications
- Product management experience owning complex security products (experience)
- Focus on software supply chain security or adjacent areas (experience)
- Knowledge of provenance, attestation, signing, and verification (experience)
- Experience with SLSA framework (experience)
- Experience in dependency risk and software composition analysis (SCA) (experience)
- Familiarity with dependency scanning and SBOM tooling (experience)
- Ability to translate technical topics into value-focused narratives (experience)
- Experience collaborating with engineering and UX partners (experience)
- Background in security, DevSecOps, or developer-focused products (experience)
- Openness to learning new technologies in a distributed team (experience)
Preferred Qualifications
- Deep expertise in regulatory mandates like EO 14028 (experience)
- Experience with malicious package detection systems (experience)
- Knowledge of competitive SCA and supply chain tools (experience)
- Proven track record in B2B SaaS product launches (experience)
- Skills in defining product success metrics (experience)
- Background in federal or regulated industry sales (experience)
- Experience creating visuals and narratives for stakeholders (experience)
- Familiarity with asynchronous global team collaboration (experience)
- History of driving iterative product improvements (experience)
- Understanding of AI integration in security workflows (experience)
Responsibilities
- Lead end-to-end product strategy for SSCS add-on
- Drive discovery and prioritization of capabilities like SBOM and dependency firewall
- Collaborate with engineers to define requirements and roadmaps
- Partner with sales, customer success, and support stakeholders
- Engage customers to explain SSCS and gather feedback
- Analyze market trends and competitive offerings
- Define and track product success metrics
- Represent SSCS as subject matter expert internally
- Create visuals, narratives, and documentation for teams
- Validate business cases and shape product offerings
Benefits
- general: Comprehensive health, dental, and vision insurance
- general: Flexible Paid Time Off policy
- general: Team Member Resource Groups for belonging
- general: Equity Compensation and Employee Stock Purchase Plan
- general: Growth and Development Fund
- general: Generous Parental Leave
- general: Home office equipment support
- general: Mental health and well-being programs
- general: Professional development opportunities
- general: Inclusive equal opportunity workplace culture
Tags & Categories