Engineering Manager, Software Supply Chain Security: Pipeline Security in London

Join to apply for the Engineering Manager, Software Supply Chain Security: Pipeline Security role at GitLab. GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. Our platform unites teams and organizations, breaking down barriers and redefining what is possible in software development. We embrace AI as a core productivity multiplier; all team members are expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact.

An overview of this role:

As the Engineering Manager, Software Supply Chain Security: Pipeline Security, you will lead a team that makes GitLab CI pipelines more secure and trustworthy for thousands of organizations. You will guide the design and delivery of Software Supply Chain Security features, with a primary focus on CI job artifact security. This includes implementing the SLSA (Supply-chain Levels for Software Artifacts) framework in GitLab CI/CD and integrating related capabilities like SBOM, software composition analysis, and vulnerability management. You will treat your team as your product, safeguarding team health, hiring and developing a high-performing group of engineers, and collaborating closely with Product Management and Security to deliver on roadmap commitments.

Some Examples Of Our Projects:

• Developing a native secrets management system for GitLab CI pipelines
• Implementing SLSA Level 3 compliance features for CI job artifacts

What you will do:

• Lead a team of engineers building Software Supply Chain Security features with a focus on CI job artifact security.
• Guide the design and implementation of SLSA compliance within GitLab CI/CD pipelines.
• Collaborate with Product Managers to define, prioritize, and deliver the roadmap for supply chain security capabilities.
• Partner with Security team members to ensure new and existing features meet GitLab's security standards and align with best practices.
• Stay current with software supply chain security standards and tools, including SLSA, SBOM, software composition analysis, and vulnerability management.
• Educate and advocate for supply chain security best practices across engineering teams to drive adoption of secure patterns in CI pipelines.
• Represent the Pipeline Security team in cross-functional initiatives and, when appropriate, in external industry forums focused on software supply chain security.
• Drive continuous improvement in team health, delivery predictability, and documentation quality for pipeline and supply chain security features.

What you will bring:

• Experience leading and developing engineering teams, with a focus on building secure, reliable product features.
• Practical knowledge of software supply chain security concepts, tools, and industry standards.
• Understanding of the SLSA framework and how to apply it in CI/CD pipelines.
• Familiarity with software artifact provenance, attestation, and verification techniques.
• Knowledge of secure software development practices, including container security, software composition analysis, and vulnerability management.
• Experience working with CI/CD systems and their security considerations.
• Ability to collaborate effectively with product management, security, and other cross-functional partners, and to advocate for supply chain security best practices.
• Openness to learning new technologies and approaches, with transferable skills from related security, infrastructure, or software engineering domains.

About The Team:

Our Pipeline Security team is a globally distributed group of engineers who collaborate asynchronously across time zones. We are focused on building Software Supply Chain Security features into the core GitLab platform, with current priorities including native secrets management for CI pipelines, artifact provenance and verification, and achieving SLSA Level 3 compliance. We value clear communication, thorough documentation, and making new features straightforward for users to adopt.

How GitLab Will Support You:

• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab's policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex, national origin, age, citizenship, marital status, mental or physical disability, genetic information, discharge status from the military, protected veteran status, or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics.