Senior Engineering Manager - Software Supply Chain Security

An overview of this role

We are seeking a seasoned Senior Engineering Manager to lead and grow a high-performing software engineering team focused on enhancing software supply chain security. This role will be instrumental in building and implementing innovative solutions to protect the software development lifecycle and the underlying authentication and authorization layers from vulnerabilities and threats.

Senior Engineering Managers at GitLab see their team as their product. While they are technically credible and know the details of what engineers work on, their time is spent safeguarding their team’s health, hiring a world-class team, and putting them in the best position to succeed. They own the delivery of product commitments and are always looking to improve productivity. They must also coordinate across departments including Product, UX and Development to accomplish collaborative goals. Engineering Leadership at GitLab is cross-discipline. 

A Senior Engineering Manager manages Engineering Managers with fullstack teams (frontend, backend, and fullstack engineers), and/or Engineering Individual Contributors (typically Principal level frontend, backend, and fullstack engineers) distributed across the world. 

What You’ll Do  

• Build a globally-distributed, sustainable, and high-performing team through hiring, retention, and strategic organizational design

• Identify emerging software supply chain threats in the industry and via in-house research, and adjust strategy and prioritization in a timely manner

• Stay up-to-date with industry best practices and standards in the area of supply chain security, and grow the skills and capabilities of your teams accordingly

• Collaborate with product management and cross-functional teams across all Gitlab areas to drive software supply chain security initiatives that touch on multiple stages of the developer workflow

• Implement industry-based metrics to guide the team’s roadmap such as Third-Party Component Risk Score  (TPCRS) and Supply Chain Attack Surface (SCAS) to guide the team’s roadmap

• Plan and execute long term strategies that move your team and the product stage(s) toward business objectives. This includes decision-making, alignment, staffing, prioritization, leading through change, and working through ambiguity

• Lead and drive significant results for multiple teams that have a direct impact on the broader mission they contribute to

• Develop and execute process enhancements while strategically influencing leadership decisions across multiple organizational levels

• Enable quad planning team collaboration within product groups

• Enable Product, Quality, and UX performance via solid stable-counterpart partnerships

• Identify and resolve problems proactively, even in ambiguous situations or where negotiations are necessary, through advanced thinking, partnership and foresight

What You’ll Bring 

• Proven experience managing engineering managers and high-performing engineering teams, with a strong focus on software security

• Deep understanding of software development lifecycles and security best practices

• Familiarity with major open source software ecosystems (Ruby/Gems, JavaScript/TypeScript/NPM, Java/Maven, Python/PyPI, C/C++, Go, Rust, the Linux kernel) and respective software supply chain security challenges

• Strong technical skills in areas such as:

  • Secure coding practices

  • Vulnerability scanning and analysis

  • Cryptography

  • Threat modeling

  • Incident response

• Experience with security frameworks and tools (e.g., OWASP, NIST, SAST, DAST).

• Data-driven approach to improving team productivity and effectiveness

• Strong communication, collaboration, and stakeholder management abilities

• Experience working on open-source or enterprise-grade Software Supply Chain Security (SSCS) products, as a manager/leader 

• Demonstrated experience delivering scalable solutions, from database to frontend performance, as an individual contributor or manager

• Ability to discuss architectural concepts and systems design, and to broker technical decisions at a high-level between individual contributors

About the team

The Software Supply Chain Security team is tasked with building a strong end-to-end software supply chain security story for Gitlab users, with building compliance solutions and improving authentication and authorization as well as pipeline security across the whole Gitlab product.

Here are some examples of projects you’ll be working on:

• SLSA L3 Support 

• Token Consolidation

• Fine Grained Token Permissions

• Custom Permissions and Roles

• Service to Service Authentication

• Compliance Frameworks

• Secrets Management

GitLab’s approach to supply chain security is unique as you have the ability within your own organization as well as through partnerships across all stages of GitLab to influence and improve supply chain security across the whole software lifecycle, from ideation and early prototypes to deployed production system.

In this role, you’ll be leading a thirty person team consisting of four engineering managers with six to eight reports each. 

How GitLab will support you

• Benefits to support your health, finances, and well-being

• All remote, asynchronous work environment

• Flexible Paid Time Off 

• Team Member Resource Groups

• Equity Compensation & Employee Stock Purchase Plan

• Growth and Development Fund

• Parental leave 

• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.