Engineering Manager, Software Supply Chain Security: Pipeline Security

Responsibilities

• Lead and grow a team of engineers focused on Software Supply Chain Security with emphasis on CI job artifact security.
• Drive the design and implementation of SLSA compliance features for CI/CD pipelines and related capabilities such as SBOM generation, software composition analysis, and vulnerability management.
• Collaborate closely with Product Management and Security to define priorities, plan roadmap delivery, and ensure features meet security standards.
• Advocate for and educate engineering teams on supply chain security best practices to increase adoption and improve developer workflows.
• Represent the Pipeline Security team in cross-functional initiatives and industry forums as appropriate.
• Improve team health, delivery predictability, and documentation quality; hire and develop high-performing engineers.

Requirements

• Engineering leadership
• SLSA knowledge
• CI/CD security
• Artifact provenance
• SBOM experience
• Vulnerability management
• Secrets management
• Container security
• Distributed teams
• Cross-team collaboration

Preferred Qualifications

• Experience implementing supply chain security features in a large-scale CI/CD platform.
• Familiarity with attestation, artifact signing, and verification workflows.
• Background working with software composition analysis and SBOM tooling at scale.
• Practical experience partnering with product and security teams to ship secure features.
• Experience in remote or distributed engineering organizations.

Benefits

• Competitive paid leave and annual leave entitlement
• Health insurance coverage
• Relocation allowance for eligible hires to UAE
• Housing allowance (where applicable)
• Professional development and growth support

About the Company

GitLab is a global open-core software company that builds a leading DevSecOps platform used by organizations worldwide. The Pipeline Security team builds software supply chain security features into the core platform to help customers secure CI/CD pipelines, artifacts, and deployments. This role is based in Dubai, UAE (hybrid), and will operate from within the UAE while collaborating with a globally distributed team.