
Principal Engineer - Software Supply Chain Security

GitLab
Locations: Canada, Israel, Netherlands, UK, USA | Full Time | $158k-$338k per year | Posted 10h ago

Job Description

Join GitLab as a Principal Engineer - Software Supply Chain Security

In this role, you'll take charge of the technical strategy that secures how software is built and delivered on GitLab's DevSecOps platform. You'll provide architectural leadership and collaborate with various teams to enhance our security posture in the software supply chain.

About the Role

As the Principal Engineer, Software Supply Chain Security, you will lead the technical direction for securing GitLab’s software supply chain. You will work closely with infrastructure and CI/CD teams to strengthen our pipelines and access layers. Your expertise will help shape our approach to compliance and security in a growing market. You will also mentor engineers and represent GitLab to customers and external stakeholders.

Some examples of our projects include:

  • SLSA Level 3 compliance and provenance attestation across GitLab’s CI/CD platform
  • Integrated secrets management and runner security for container-isolated, secure pipelines

What You'll Do

  • Lead the software supply chain security architecture for GitLab’s CI/CD platform, focusing on SLSA Level 3 implementation.
  • Drive technical strategies and decisions across our Software Supply Chain Security stage teams.
  • Collaborate with infrastructure and CI/CD teams to design secure and scalable runner architecture.
  • Propose and validate technical implementations to improve CI/CD scaling and performance.
  • Mentor Staff Engineers and individual contributors on supply chain security practices.
  • Work with Engineering Managers and leadership to define roadmaps and break down complex initiatives.
  • Engage with customers and external stakeholders as a technical consultant for GitLab’s security capabilities.
  • Collaborate with product, security, and compliance teams to ensure features meet security and regulatory expectations.

What We're Looking For

  • Expertise in software supply chain security, including threat modeling and SLSA implementation.
  • Knowledge of artifact signing and verification using the Sigstore ecosystem.
  • Experience in designing and hardening CI/CD security in large-scale environments.
  • Background in distributed systems and infrastructure, optimizing performance for CI/CD platforms.
  • Experience with container security and Kubernetes security practices.
  • Proficiency in Go or Rust and a strong understanding of CI/CD workflows.
  • Experience as a Principal or Staff Engineer, providing architectural leadership.
  • Ability to communicate complex problems and solutions clearly.

About the Team

Our Software Supply Chain Security teams focus on authentication and access within GitLab. We build features that help customers manage vulnerabilities and compliance across their organizations. Our group consists of four core teams and over 40 engineers, working asynchronously to deliver secure features for customers in regulated industries.

What We Offer

The base salary range for this role is $157,900 — $338,400 USD. This range reflects the role's base salary rate in the United States and does not include bonuses, equity, or benefits. For more information on our benefits and equity, please visit our website. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.

We welcome candidates with varying levels of experience. Many successful candidates do not meet every requirement. If you're excited about this role, please apply and let us assess your application.


Country Hiring Guidelines: GitLab hires globally. All roles are remote, but some may have specific location-based eligibility requirements. Our Talent Acquisition team can assist with any questions about location during the recruiting process.

Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is an equal opportunity employer. We do not tolerate discrimination or harassment. See our EEO Policy and EEO is the Law. If you need accommodation during the recruiting process, please let us know.
