Apply on Employer Site

GitLab · 2 weeks ago

Staff Product Manager, Software Supply Chain Security

United States

Full-time

Remote

Lead/Staff

GitLab is an open-core software company that develops an AI-powered DevSecOps Platform. They are seeking a Staff Product Manager for Software Supply Chain Security to lead the strategy and delivery of a new product line that secures the software supply chain, collaborating closely with engineering and cross-functional partners.

Cloud SecurityDeveloper ToolsDevOpsOpen SourceSaaS

Comp. & Benefits

Responsibilities

Lead the end-to-end product strategy for the Software Supply Chain Security (SSCS) add-on, defining and evolving the vision across its main pillars

Drive discovery, prioritization, and delivery for capabilities such as dependency firewall, SBOM, malicious package detection, and provenance/attestation, based on customer needs and business impact

Collaborate with engineering managers and engineers to break down complex supply chain security concepts into clear requirements and iterative roadmaps

Partner with cross-functional stakeholders in sales, customer success, and support to understand use cases, validate demand (for example, large ACV opportunities), and enable successful adoption

Engage directly with customers and prospects to explain SSCS and SLSA framework concepts in accessible language, gather feedback, and translate it into product improvements

Analyze market trends and competitive offerings in software composition analysis (SCA), software supply chain security, and related areas to inform positioning and backlog decisions

Define and track product success signals and operational metrics for the SSCS add-on, using data to guide trade-offs and communicate outcomes to leadership

Represent the SSCS domain internally as a subject matter expert, creating simple visuals, narratives, and documentation that help teams across GitLab understand the value and direction of the product

Qualification

Product management experienceSoftware supply chain securityDependency risk analysisSLSA framework knowledgeSoftware composition analysisCollaboration with engineeringTechnical narrative translationOpenness to learning

Required

Product management experience owning complex security products, with a focus on software supply chain security or adjacent areas

Knowledge of software supply chain concepts such as provenance, attestation, signing and verification, and experience with frameworks like SLSA

Experience with dependency risk and software composition analysis (SCA), including working with or around dependency scanning, SBOM, and related tooling

Ability to translate highly technical topics into clear, value-focused narratives for different audiences, including customers and non-technical stakeholders

Experience collaborating with engineering, UX, and cross-functional partners to define roadmaps and ship iterative product improvements

Background in security, DevSecOps, or developer-focused products, or transferable experience in similarly technical B2B SaaS domains

Openness to learning new technologies and frameworks in the supply chain security space, and to contributing effectively in a globally distributed, asynchronous team environment