Principal Engineer, Software Supply Chain Security

GitLab

GitLab: The comprehensive DevOps platform revolutionizing software development with automation, AI workflows, and essential tools for efficient collaboration.

Internet Software & Services
1K-5K
Founded 2014

Description

  • Lead the end-to-end software supply chain security architecture for GitLab’s CI/CD platform, including SLSA Level 3 implementation and CI infrastructure hardening.
  • Drive cross-team technical strategy and decisions across Software Supply Chain Security stage teams.
  • Collaborate with infrastructure and CI/CD teams to design secure, scalable runner architecture, container isolation, and pipeline security at scale.
  • Propose and validate technical implementations that improve CI/CD scaling and performance on critical paths.
  • Mentor and coach Staff Engineers and individual contributors on threat modeling, secrets management, artifact signing, and SBOM lifecycle practices.
  • Partner with Engineering Managers and senior leadership to define roadmaps and break down complex initiatives.
  • Engage with customers and external stakeholders as a technical consultant and spokesperson for GitLab’s security roadmap and capabilities.
  • Collaborate with product, security, and compliance stakeholders to ensure enterprise security, governance, and regulatory requirements are met.

Requirements

  • Deep expertise in software supply chain security, including supply chain threat modeling, SLSA implementation and attestation systems, and SBOM generation and lifecycle management.
  • Strong knowledge of artifact signing and verification with the Sigstore ecosystem (Cosign, Fulcio, Rekor) and of in-toto attestations.
  • Experience designing and hardening CI/CD security, including runner isolation, pipeline security controls, and secrets management in large-scale environments.
  • Background in distributed systems and infrastructure, including resilient CI/CD platforms that handle high pipeline volumes and optimize critical-path performance.
  • Practical experience with container security and Kubernetes security, including admission controllers, policy controllers, workload isolation, and registry hardening.
  • Proficiency in Go or Rust in a production environment.
  • Expert-level understanding of CI/CD workflows and DevSecOps best practices.
  • Experience operating as a Principal or Staff Engineer across multiple development teams with architectural leadership responsibilities.
  • Demonstrated ability to clearly communicate complex problems and solutions.
  • Experience partnering with Engineering Managers and senior leaders (preferred).

Benefits

  • Base salary range of $157,900 to $338,400 USD for the listed U.S. level.
  • Flexible Paid Time Off.
  • Equity compensation and an Employee Stock Purchase Plan.
  • Growth and Development Fund.
  • Parental leave.
  • Home office support.
  • Benefits to support health, finances, and well-being.
  • Team Member Resource Groups.
