Engineering Manager, SSCS: Supply Chain

An overview of this role

As an Engineering Manager, you’ll guide GitLab’s dedicated Software Supply Chain Security (SSCS) Add-On engineering team as it develops core capabilities including Dependency Firewall, Build Provenance, Malicious Packages detection, and Artifact Signing. This is a founding management role where you’ll help shape how the team works, partner closely with the Staff Backend Engineer, Product Manager, and SSCS stage management, and turn a defined roadmap into steady, high-quality delivery for enterprise customers with strict security and compliance needs. You’ll focus on developing the team, creating a healthy operating rhythm, and establishing predictable execution for the SSCS SKU.

You’ll join a product area where customers in regulated industries are already validating the need, and your work will help GitLab deliver software supply chain security features that customers can rely on. While technical credibility matters, your main focus will be growing a strong backend engineering team, enabling team members in their development, and creating the conditions for long-term delivery and quality.

What you’ll do

• Guide a backend engineering team building the SSCS Add-On across dependency enforcement, build provenance, malicious package detection, and artifact signing.
• Be responsible for Drive engineering delivery for general availability milestones by aligning sequencing, scope, and dependencies with the Staff Backend Engineer and Product Manager.
• Develop the team by partnering with Talent Acquisition on sourcing, interview design, candidate evaluation, and hiring decisions.
• Run regular 1:1s, performance reviews, and career development conversations that enable growth and clear expectations.
• Advance engineering quality by monitoring cycle time, defect rates, and test coverage, and by addressing risks early.
• Coordinate quarterly planning and roadmap tradeoff discussions with SSCS stage leadership and Product.
• Work with Finance and other partners on headcount pacing and team planning as the Add-On scales.
• Represent the SSCS Add-On team within stage leadership discussions and help ensure strong communication across functions.

What you’ll bring

• Experience guiding backend product engineering teams in security, DevSecOps, or platform engineering environments.
• Ability to hire and grow backend or security engineers in distributed team environments, with practical understanding of the talent landscape for these roles.
• Technical credibility to contribute to architecture discussions involving package registries, CI/CD pipeline security, and signing infrastructure.
• Experience managing predictable delivery across multi-quarter product roadmaps and managing cross-team dependencies.
• Comfort working in an asynchronous, documentation-driven organization with clear written communication.
• Familiarity with supply chain security, artifact management, or compliance-focused product areas, or transferable experience from related domains.
• Working knowledge of concepts related to frameworks and ecosystems such as SLSA and Sigstore.
• Ability to build credibility with engineers, product partners, and customer-facing stakeholders through clear judgment, coaching, and teamwork.

About the team

The SSCS Add-On team is a product engineering team within GitLab’s Software Supply Chain Security stage. We work on key capabilities in the SSCS Add-On SKU and collaborate closely with product and engineering partners to deliver security features for customers operating in regulated environments. You’ll report to the SSCS Senior Engineering Manager and partner directly with the Staff Backend Engineer and Product Manager. As a distributed team working asynchronously across regions, we are focused on strong delivery practices, team health, and scaling the product area with clarity and accountability. For more on how related teams work, see Team Handbook Page.