
Engineering Manager, Software Supply Chain Security: Pipeline Security

Posted 20 days ago


💎 Seniority level: Manager

📍 Location: Worldwide

💸 Salary: 131,600 - 282,000 USD per year

🔍 Industry: Software Development

🏢 Company: GitLab · 👥 1001-5000 employees · 💰 $268,000,000 Series E over 5 years ago · 🫂 Last layoff over 2 years ago · Developer Tools, DevOps, Open Source, SaaS, Cloud Security

🗣️ Languages: English

🪄 Skills: Leadership, Python, Software Development, Bash, Cybersecurity, Git, People Management, Product Management, Cross-functional Team Leadership, Communication Skills, CI/CD, Agile methodologies, RESTful APIs, DevOps, Written communication, Documentation, Compliance, Team management

Requirements:
  • Experience with software supply chain security concepts and tools
  • Understanding of the SLSA (Supply-chain Levels for Software Artifacts) framework and its application in CI/CD pipelines
  • Familiarity with software artifact provenance, attestation, and verification techniques
  • Knowledge of secure software development practices
  • Experience with CI/CD systems and their security considerations
  • Understanding of container security concepts
  • Familiarity with software composition analysis and vulnerability management
  • Experience implementing SLSA compliance in production environments is preferred but not required
Responsibilities:
  • Lead a team focused on developing features for Software Supply Chain Security, with a primary focus on CI job artifact security
  • Guide the implementation of SLSA compliance framework into GitLab CI/CD pipeline features
  • Collaborate with Product Managers to define and prioritize the roadmap for Supply Chain Security features
  • Stay current with industry standards and best practices in software supply chain security, particularly SLSA, SBOM, and vulnerability management
  • Partner with Security team members to ensure features meet the highest security standards
  • Educate and advocate for supply chain security best practices across GitLab
  • Represent GitLab in industry forums related to software supply chain security when appropriate