Magnet.me  -  The smart network where students and professionals find their internship or job.

Engineering Manager, Software Supply Chain Security: Authorization

Job Work from home
Posted 26 May 2025
Work experience: 2 to 15 years
Full-time / part-time: Full-time
Salary: $131,600 - $282,000 per year
Required language: English (Fluent)

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values.

Thanks to products like Duo Enterprise and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organisation.

An overview of this role

As an Engineering Manager for the Authorization team at GitLab, you'll lead a talented group of engineers who are fundamentally transforming how permissions work across our platform. You'll be at the forefront of our major authorization systems redesign initiative, guiding your team through exciting challenges like implementing Fine-Grained Access Control and developing our new policy-as-code approach.

At GitLab, we see our team as our product. While you'll need to be technically credible in authorization frameworks and identity management, your primary focus will be on nurturing your team's health, hiring exceptional talent, and positioning them for success. You'll collaborate closely with Product Managers to shape the roadmap for modern authorization features that balance security, usability, and performance at scale. This is a unique opportunity to lead critical infrastructure work that touches every part of the GitLab platform while helping transform our permission systems to be more secure, scalable, and flexible.

Your leadership will be instrumental as we transition from our current Declarative Policies framework to a more sophisticated policy-based system that supports advanced multi-tenancy features and reinforces GitLab's security posture. If you're passionate about building teams and systems that enable secure collaboration at scale, this role offers the chance to make a significant impact on GitLab's future.

What You’ll Do

  • Lead a team focused on developing features for Software Supply Chain Security, with a primary focus on authorization systems and user permission models
  • Guide the implementation of advanced authorization controls across GitLab's platform
  • Collaborate with Product Managers to define and prioritize the roadmap for Supply Chain Security and authorization features in particular
  • Stay current with industry standards and best practices in identity and access management, particularly least-privilege and zero-trust access models
  • Partner with Security team members to ensure features meet the highest security standards
  • Educate and advocate for supply chain security best practices across GitLab
  • Represent GitLab in industry forums related to software supply chain security when appropriate

What You’ll Bring

  • Experience with authorization systems, identity management, and access control models
  • Understanding of policy-as-code approaches (ideally familiarity with Cedar, Rego, or similar policy languages)
  • Knowledge of modern authorization frameworks like RBAC, ABAC, FGAC and context-aware authorization systems
  • Familiarity with identity federation concepts and tools
  • Strong technical leadership abilities to guide the team through complex architectural transitions
  • Experience implementing SLSA compliance in production environments is ideal, but not required

Performance Indicators

In addition to the standard Engineering Manager performance indicators, this role will also be measured on:

  • Successful implementation of GitLab's authorization and IAM components
  • Adoption rate of new authorization features by GitLab users
  • Reduction in security vulnerabilities related to authorization sub-systems
  • Integration completeness with other GitLab security features
  • Community engagement around GitLab's supply chain security capabilities
  • Documentation quality for supply chain security features

About the team

The Authorization team is responsible for building and maintaining GitLab's permission systems to be more secure, scalable, and flexible. We're currently embarking on a major authorization systems redesign initiative that will fundamentally transform how authorization works across GitLab. The team is focused on key projects including Fine-Grained Access Control, Policy Standardization, and developing a new policy-as-code approach that will replace our current Declarative Policies framework. This work is critical to GitLab's security posture, performance at scale, and ability to support advanced multi-tenancy features.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics.

GitLab Inc. is a company based on the GitLab open-source project, helping developers collaborate on code to build great things and ship on time. We are an active participant in our global community of customers and contributors, trying to serve their needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write.

IT
Amsterdam
1,000 employees