Senior Engineering Manager, Software Supply Chain Security

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab.

An overview of this role

We are seeking a seasoned Senior Engineering Manager to lead and grow a high-performing software engineering team focused on enhancing software supply chain security. This role will be instrumental in building and implementing innovative solutions to protect the software development lifecycle and the underlying authentication and authorization layers from vulnerabilities and threats.

Senior Engineering Managers at GitLab see their team as their product. While they are technically credible and know the details of what engineers work on, their time is spent safeguarding their team’s health, hiring a world-class team, and putting them in the best position to succeed. They own the delivery of product commitments and are always looking to improve productivity. They must also coordinate across departments including Product, UX and Development to accomplish collaborative goals. Engineering Leadership at GitLab is cross-discipline. 

A Senior Engineering Manager manages Engineering Managers with fullstack teams (frontend, backend, and fullstack engineers), and/or Engineering Individual Contributors (typically Principal level frontend, backend, and fullstack engineers) distributed across the world. 

What You’ll Do  

• Build a globally-distributed, sustainable, and high-performing team through hiring, retention, and strategic organizational design
• Identify emerging software supply chain threats in the industry and via in-house research, and adjust strategy and prioritization in a timely manner
• Stay up-to-date with industry best practices and standards in the area of supply chain security, and grow the skills and capabilities of your teams accordingly
• Collaborate with product management and cross-functional teams across all Gitlab areas to drive software supply chain security initiatives that touch on multiple stages of the developer workflow
• Implement industry-based metrics to guide the team’s roadmap such as Third-Party Component Risk Score  (TPCRS) and Supply Chain Attack Surface (SCAS) to guide the team’s roadmap
• Plan and execute long term strategies that move your team and the product stage(s) toward business objectives. This includes decision-making, alignment, staffing, prioritization, leading through change, and working through ambiguity
• Lead and drive significant results for multiple teams that have a direct impact on the broader mission they contribute to
• Develop and execute process enhancements while strategically influencing leadership decisions across multiple organizational levels
• Enable quad planning team collaboration within product groups
• Enable Product, Quality, and UX performance via solid stable-counterpart partnerships
• Identify and resolve problems proactively, even in ambiguous situations or where negotiations are necessary, through advanced thinking, partnership and foresight

What You’ll Bring 

• Proven experience managing engineering managers and high-performing engineering teams, with a strong focus on software security
• Deep understanding of software development lifecycles and security best practices
• Familiarity with major open source software ecosystems (Ruby/Gems, JavaScript/TypeScript/NPM, Java/Maven, Python/PyPI, C/C++, Go, Rust, the Linux kernel) and respective software supply chain security challenges
• Strong technical skills in areas such as:
• Secure coding practices
• Vulnerability scanning and analysis
• Cryptography
• Threat modeling
• Incident response
• Experience with security frameworks and tools (e.g., OWASP, NIST, SAST, DAST).
• Data-driven approach to improving team productivity and effectiveness
• Strong communication, collaboration, and stakeholder management abilities
• Experience working on open-source or enterprise-grade Software Supply Chain Security (SSCS) products, as a manager/leader 
• Demonstrated experience delivering scalable solutions, from database to frontend performance, as an individual contributor or manager
• Ability to discuss architectural concepts and systems design, and to broker technical decisions at a high-level between individual contributors

About the team

The Software Supply Chain Security team is tasked with building a strong end-to-end software supply chain security story for Gitlab users, with building compliance solutions and improving authentication and authorization as well as pipeline security across the whole Gitlab product.

Here are some examples of projects you’ll be working on:

• SLSA L3 Support 
• Token Consolidation
• Fine Grained Token Permissions
• Custom Permissions and Roles
• Service to Service Authentication
• Compliance Frameworks
• Secrets Management

GitLab’s approach to supply chain security is unique as you have the ability within your own organization as well as through partnerships across all stages of GitLab to influence and improve supply chain security across the whole software lifecycle, from ideation and early prototypes to deployed production system.

In this role, you’ll be leading a thirty person team consisting of four engineering managers with six to eight reports each. 

How GitLab will support you

• Benefits to support your health, finances, and well-being
• All remote, asynchronous work environment
• Flexible Paid Time Off 
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave 
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.  

Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.