Overview:
- Own the technical strategy that secures how software is built and delivered on GitLab’s DevSecOps platform.
- Provide architectural leadership across multiple engineering teams.
- Partner closely with infrastructure and CI/CD teams to harden our pipelines, infrastructure, and access layers.
Responsibilities:
- Lead the end-to-end software supply chain security architecture for GitLab’s CI/CD platform, including SLSA Level 3 implementation and CI infrastructure hardening.
- Drive cross-team technical strategy and decisions across our Software Supply Chain Security (SSCS) stage teams, aligning engineering work to SSCS strategic plans.
- Collaborate with infrastructure and CI/CD teams to design and land long-term initiatives for secure, scalable runner architecture, container isolation, and pipeline security at scale.
Requirements:
- Deep expertise in software supply chain security, including threat modeling for supply chain attack vectors, SLSA implementation and attestation systems, and SBOM generation and lifecycle management.
- Strong knowledge of artifact signing and verification using the Sigstore ecosystem, including Cosign, Fulcio, Rekor, and in-toto attestations.
- Experience designing and hardening CI/CD security, such as runner isolation, pipeline security controls, and secrets management in large-scale environments.
About GitLab:
GitLab is an open-core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world.