
Engineering Manager, Software Supply Chain Security: Pipeline Security

Job in Coos Bay, Coos County, Oregon, 97458, USA
Listing for: GitLab
Full Time position
Listed on 2025-12-23
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Job Description & How to Apply Below

GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating human progress. Our platform unites teams and organizations, breaking down barriers and redefining what's possible in software development.

Thanks to products like Duo Enterprise and Duo Agent Platform, customers get AI benefits at every stage of the SDLC.

The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems.

Co-create the future with us as we build technology that transforms how the world develops software.

An overview of this role

As the Engineering Manager, Software Supply Chain Security: Pipeline Security, you’ll lead a team that makes GitLab CI pipelines more secure and trustworthy for thousands of organizations. You’ll guide the design and delivery of Software Supply Chain Security features, with a primary focus on CI job artifact security. This includes implementing the SLSA (Supply-chain Levels for Software Artifacts) framework in GitLab CI/CD and integrating related capabilities like SBOM, software composition analysis, and vulnerability management.

You’ll treat your team as your product, safeguarding team health, hiring and developing a high-performing group of engineers, and collaborating closely with Product Management and Security to deliver on roadmap commitments. Together, you’ll improve how users protect their software supply chains in their first year and beyond.

Some examples of our projects:

  • Developing a native secrets management system for GitLab CI pipelines
  • Implementing SLSA Level 3 compliance features for CI job artifacts

What you’ll do

  • Lead a team of engineers building Software Supply Chain Security features with a focus on CI job artifact security.
  • Guide the design and implementation of SLSA (Supply-chain Levels for Software Artifacts) compliance within GitLab CI/CD pipelines.
  • Collaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security capabilities.
  • Partner with Security team members to ensure new and existing features meet GitLab’s security standards and align with best practices.
  • Stay current with software supply chain security standards and tools, including SLSA, SBOM, software composition analysis, and vulnerability management. Translate what you learn into actionable product improvements.
  • Educate and advocate for supply chain security best practices across engineering teams to drive adoption of secure patterns in CI pipelines.
  • Represent the Pipeline Security team in cross-functional initiatives and, when appropriate, in external industry forums focused on software supply chain security.
  • Drive continuous improvement in team health, delivery predictability, and documentation quality for pipeline and supply chain security features.

What you’ll bring

  • Experience leading and developing engineering teams, with a focus on building secure, reliable product features.
  • Practical knowledge of software supply chain security concepts, tools, and industry standards.
  • Understanding of the SLSA (Supply-chain Levels for Software Artifacts) framework and how to apply it in CI/CD pipelines.
  • Familiarity with software artifact provenance, attestation, and verification techniques.
  • Knowledge of secure software development practices, including container security, software composition analysis, and vulnerability management.
  • Experience working with CI/CD systems and their security considerations.
  • Ability to collaborate effectively with…