GitLab is an open-core software company that develops an AI-powered DevSecOps Platform. They are seeking a Staff Product Manager for Software Supply Chain Security to lead the strategy and delivery of a new product line that secures the software supply chain, collaborating closely with engineering and cross-functional partners.
Responsibilities:
- Lead the end-to-end product strategy for the Software Supply Chain Security (SSCS) add-on, defining and evolving the vision across its main pillars
- Drive discovery, prioritization, and delivery for capabilities such as dependency firewall, SBOM, malicious package detection, and provenance/attestation, based on customer needs and business impact
- Collaborate with engineering managers and engineers to break down complex supply chain security concepts into clear requirements and iterative roadmaps
- Partner with cross-functional stakeholders in sales, customer success, and support to understand use cases, validate demand (for example, large ACV opportunities), and enable successful adoption
- Engage directly with customers and prospects to explain SSCS and SLSA framework concepts in accessible language, gather feedback, and translate it into product improvements
- Analyze market trends and competitive offerings in software composition analysis (SCA), software supply chain security, and related areas to inform positioning and backlog decisions
- Define and track product success signals and operational metrics for the SSCS add-on, using data to guide trade-offs and communicate outcomes to leadership
- Represent the SSCS domain internally as a subject matter expert, creating simple visuals, narratives, and documentation that help teams across GitLab understand the value and direction of the product
Requirements:
- Product management experience owning complex security products, with a focus on software supply chain security or adjacent areas
- Knowledge of software supply chain concepts such as provenance, attestation, signing and verification, and experience with frameworks like SLSA
- Experience with dependency risk and software composition analysis (SCA), including working with or around dependency scanning, SBOM, and related tooling
- Ability to translate highly technical topics into clear, value-focused narratives for different audiences, including customers and non-technical stakeholders
- Experience collaborating with engineering, UX, and cross-functional partners to define roadmaps and ship iterative product improvements
- Background in security, DevSecOps, or developer-focused products, or transferable experience in similarly technical B2B SaaS domains
- Openness to learning new technologies and frameworks in the supply chain security space, and to contributing effectively in a globally distributed, asynchronous team environment