Senior Product Manager, Software Supply Chain Security: Authentication & Identity

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values.

Thanks to products like Duo Enterprise and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organization.

An overview of this role

As a Product Manager for Authentication & Identity at GitLab, you'll own the strategic roadmap for both human and machine authentication across our platform. You'll be responsible for driving the product vision that transforms GitLab from a monolithic authentication system to the modern GitLab Adaptive Trust Environment (GATE) - one of the most ambitious authentication architecture redesigns in the enterprise software space.

This role sits at the intersection of enterprise security, developer experience, and massive scale engineering challenges. You'll define the product strategy for authentication systems that serve millions of users on GitLab.com while supporting diverse deployment models from air-gapped environments to multi-cloud enterprise installations. Your decisions will directly impact how GitLab's authentication infrastructure scales to support our Cells architecture and enables true multi-tenant organizations.

You'll work closely with two specialized engineering teams - Human Authentication & Identity and Machine-to-Machine Authentication & Tokens - to deliver a unified authentication experience that balances security, usability, and performance. This includes leading the product strategy for consolidating 10+ token types into a unified system, implementing enterprise-grade identity protocols, and enabling advanced features like Workload Identity Federation.

Your work will be instrumental in reducing GitLab's authentication-related security incidents while enabling new business opportunities through improved enterprise customer onboarding and developer productivity.

This role is an extension of the Product Manager position.

What You'll Do

Strategic Product Leadership

• Own the end-to-end product strategy for GitLab's authentication and identity systems, covering both human users and machine-to-machine authentication
• Define the product roadmap for the GitLab Adaptive Trust Environment (GATE), including Identity and Access Management (IAM) Service, GitLab STS (Secure Token Service), and Auth Proxy components
• Drive product decisions that balance security requirements, enterprise customer needs, developer experience, and technical feasibility across diverse deployment models
• Collaborate with Security, Engineering, and Customer Success teams to translate complex technical architecture into clear business value propositions

Enterprise Identity & Authentication Strategy

• Lead product strategy for enterprise identity protocols (SAML, LDAP, OIDC) that must scale to millions of authentication requests daily
• Define requirements for organization-scoped identity features that enable true multi-tenancy within GitLab's Cells architecture
• Drive the product vision for session management migration from GitLab Rails to distributed authentication services

Machine Identity & Token Management

• Define the product strategy for consolidating GitLab's 10+ token types into a unified, secure token management system
• Lead the product roadmap for GitLab STS (Secure Token Service) and advanced token security features like DPoP (Demonstration of Proof-of-Possession)
• Drive the vision for Workload Identity Federation, enabling external identity providers to integrate securely with GitLab
• Own the product strategy for service accounts, GitLab Runner Identity, and mTLS infrastructure

Cross-Functional Collaboration & Customer Focus

• Partner with Engineering Managers to balance technical debt reduction with new feature development
• Collaborate with Customer Success and Sales teams to understand enterprise customer authentication pain points and requirements
• Work closely with Security teams to ensure product decisions align with zero-trust principles and threat modeling

What You'll Bring

Product Management Experience

• 5+ years of product management experience, preferably with enterprise software or developer tools
• Proven track record of managing complex technical products with multiple stakeholder groups
• Experience working with both B2B enterprise customers and developer-focused user bases
• Strong analytical skills and experience using data to inform product decisions

Technical Depth & Domain Knowledge

• Deep understanding of enterprise authentication protocols: SAML, LDAP, OIDC, OAuth
• Familiarity with modern authentication patterns: zero-trust, context-aware authentication, token-based security
• Knowledge of distributed systems challenges, including performance, scalability, and reliability concerns

Enterprise & Developer Experience

• Experience with enterprise customer onboarding and identity integration challenges
• Understanding of developer workflows and how authentication impacts developer productivity
• Knowledge of CI/CD systems and machine-to-machine authentication patterns
• Familiarity with multi-tenant software architecture and organization boundary management

Strategic & Communication Skills

• Proven ability to translate complex technical concepts into clear business value propositions
• Experience managing product roadmaps through major architectural transitions
• Strong stakeholder management skills across engineering, security, sales, and customer success teams
• Excellent written and verbal communication skills for technical and non-technical audiences

About the team

The Authentication & Identity product area spans two specialized engineering teams within GitLab's Software Supply Chain Security stage: Human Authentication & Identity and Machine-to-Machine Authentication & Tokens. This structure was specifically designed to address the complexity of GitLab's authentication challenges while enabling focused expertise in each domain.

You'll work with world-class engineers who are tackling some of the most challenging problems in distributed authentication systems: global authentication consistency, multi-tenant security isolation, zero-downtime migrations of critical infrastructure, and the performance requirements of serving authentication requests at GitLab.com scale.

Your product strategy will directly impact millions of users across GitLab.com, thousands of enterprise customers with complex identity requirements, and countless developers who depend on secure, frictionless authentication in their daily workflows.

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.