Principal Engineer, Software Supply Chain Security

Added
4 days ago
Type
Full time

Related skills

rust go sbom slsa cosign

📋 Description

  • Lead end-to-end software supply chain security for GitLab’s CI/CD.
  • Drive cross-team SSCS strategy aligned to security plans.
  • Design secure runner architecture and scalable pipeline security.
  • Mentor engineers on threat modeling, secrets, and SBOM lifecycle.
  • Partner with leaders to define roadmaps and enable staff engineers.
  • Engage with customers as a technical consultant on SSCS roadmap.

🎯 Requirements

  • Deep expertise in software supply chain security, threat modeling, SLSA, SBOM.
  • Sigstore ecosystem: Cosign, Fulcio, Rekor, and in-toto attestations.
  • CI/CD security hardening: runner isolation, pipeline controls, secrets management.
  • Container/Kubernetes security: admission controllers, policy, registry hardening.
  • Go or Rust production proficiency; DevSecOps best practices.
  • Experience as Principal/Staff Engineer across multiple teams.

🎁 Benefits

  • Benefits to support your health, finances, and well-being.
  • Flexible Paid Time Off.
  • Equity compensation and Employee Stock Purchase Plan.
  • Growth and development opportunities.
  • Parental leave.
  • Home office support.