As the Principal Engineer, Software Supply Chain Security, you'll own the technical strategy that secures how software is built and delivered on GitLab's DevSecOps platform. You'll provide architectural leadership across multiple engineering teams.
\nYour work will shape GitLab's enterprise security posture in the rapidly growing software supply chain security market. You'll focus on SLSA Level 3 compliance, secrets management, CI/CD security hardening, and the foundations of GitLab's global zero trust architecture.
\nSome examples of our projects:
\nYou'll lead the end-to-end software supply chain security architecture for GitLab's CI/CD platform, including SLSA Level 3 implementation and CI infrastructure hardening. You'll drive cross-team technical strategy and decisions across our Software Supply Chain Security (SSCS) stage teams, aligning engineering work to SSCS strategic plans.
\nYou'll collaborate with infrastructure and CI/CD teams to design and land long-term initiatives for secure, scalable runner architecture, container isolation, and pipeline security at scale. You'll propose and validate technical implementations that support architectural changes to improve CI/CD scaling and performance on critical paths.
\nYou'll teach, mentor, and coach Staff Engineers and individual contributors, raising the bar on supply chain threat modeling, secrets management, artifact signing, and SBOM lifecycle practices.
\nYou'll partner with Engineering Managers and senior leadership to define roadmaps, break down complex initiatives, and enable Staff Engineers to lead sub-department-wide efforts.
\nYou'll engage with customers and external stakeholders as a technical consultant and spokesperson for GitLab's software supply chain security capabilities and roadmap.
\nYou'll collaborate with product, security, and compliance stakeholders to ensure features meet enterprise security, governance, and regulatory expectations in the software supply chain security market.
\nKey responsibilities include:
\nKey requirements include:
\nPreferred qualifications include:
\nOur Software Supply Chain Security stage engineering teams are responsible for authentication and access within GitLab. We also build features that help customers manage vulnerabilities, dependencies, security policies, and compliance frameworks across their organizations.
\nThe base salary range for this role's listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_a3a1df2f-184","directApply":true,"hiringOrganization":{"@type":"Organization","name":"GitLab","sameAs":"https://about.gitlab.com/","logo":"https://logos.yubhub.co/about.gitlab.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/gitlab/jobs/8373553002","x-work-arrangement":"remote","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"$157,900-$338,400 USD","x-skills-required":["software supply chain security","threat modeling","SLSA implementation","attestation systems","SBOM generation","lifecycle management","artifact signing","verification","Sigstore ecosystem","Cosign","Fulcio","Rekor","in-toto attestations","CI/CD security","runner isolation","pipeline security controls","secrets management","distributed systems","infrastructure","container security","Kubernetes security","admission controllers","policy controllers","workload isolation","registry hardening","Go","Rust","CI/CD workflows","DevSecOps best practices"],"x-skills-preferred":["background in distributed systems and infrastructure","practical experience with container security and Kubernetes security","proficiency in Go or Rust in a production environment","expert-level understanding of CI/CD workflows and DevSecOps best practices","experience operating as a Principal or Staff Engineer across multiple development teams"],"datePosted":"2026-04-18T15:45:22.426Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote, Canada; Remote, Israel; Remote, Netherlands; Remote, United Kingdom; Remote, US"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"software supply chain security, threat modeling, SLSA implementation, attestation systems, SBOM generation, lifecycle management, artifact signing, verification, Sigstore ecosystem, Cosign, Fulcio, Rekor, in-toto attestations, CI/CD security, runner isolation, pipeline security controls, secrets management, distributed systems, infrastructure, container security, Kubernetes security, admission controllers, policy controllers, workload isolation, registry hardening, Go, Rust, CI/CD workflows, DevSecOps best practices, background in distributed systems and infrastructure, practical experience with container security and Kubernetes security, proficiency in Go or Rust in a production environment, expert-level understanding of CI/CD workflows and DevSecOps best practices, experience operating as a Principal or Staff Engineer across multiple development teams","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":157900,"maxValue":338400,"unitText":"YEAR"}}},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_0ae6f8dc-4fd"},"title":"Staff Engineer, AI Security","description":"Join the team as Twilio's next Staff Engineer, AI Security.
\nAs a Staff Engineer, AI Security on the AppSec team, you'll lead autonomous defense for the AI lifecycle. Build multi-agent frameworks and secure gateways while integrating real-time security gates and identity standards. By mentoring Security and R&D to define the MLSecOps roadmap, you'll ensure a 'secure-by-default' future for agentic workflows and resilient AI innovation.
\nResponsibilities:
\nServe as the primary subject matter expert for all AI and machine learning security initiatives across security and R&D.
\nDesign and manage AI gateways to provide a centralized control plane for authentication and authorization and rate limiting across all model and tool interactions.
\nBuild and maintain an autonomous security agentic framework that utilizes multi agent orchestration for end to end investigation and alert triage and remediation.
\nDevelop agentic identity models using OAuth 2.1 to propagate identity across trust boundaries and prevent the confused deputy problem.
\nHelp govern the AI augmented software development lifecycle by integrating real time security gates into the developer environment and CI/CD pipeline.
\nManage Agentic Security Solutions that secure AI lifecycle and manage AI workloads at runtime.
\nAuthor company wide AI security standards and implement these security checks across Twilio's stack.
\nImplement human in the loop checkpoints and transactional safety protocols for high impact or destructive agentic actions.
\nPartner with engineering leadership to set the long term roadmap for identity centric security and automated posture management.
\nAct as a knowledge multiplier by mentoring security engineers and developing secure by default paved road templates for R&D teams
\nQualifications:
\n8+ years of experience in security engineering with at least 3 years focused on AI or machine learning security operations (MLSecOps).
\nExpertise in orchestrating multi-agent systems with AWS Strands, LangGraph, and CrewAI, specializing in runtime isolation, PII redaction, and defending against indirect prompt injection in agentic environments.
\nHands-on experience with AI-specific frameworks (e.g., MITRE ATLAS, MAESTRO, OWASP Top 10 for LLMs/Agents/MCP) to threat model and defend against a wide spectrum of risks, including direct/indirect prompt injection, training data poisoning, tool poisoning, and data exfiltration within agentic workflows.
\nProficiency in securing end-to-end AI pipelines, from data ingestion and training to model deployment and monitoring.
\nStrong communication skills to translate complex AI risks into actionable business logic for stakeholders.
\nDesired:
\nHands-on experience in modern application security tooling including SAST and SCA and DAST with experience adapting these tools to catch AI specific vulnerabilities like indirect prompt injection.
\nExpertise in identity standards including OAuth 2.1 and PKCE.
\nExperience with AI Red Teaming and conducting adversarial simulations against Large Language Models (LLMs) and agentic systems.
\nProficiency in at least one general programming language (Python, Go, etc) with experience in container security and workload isolation.
\nProven ability to operate with autonomy and drive high impact outcomes in ambiguous environments by identifying and executing on critical projects without predefined roadmaps or direct supervision.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_0ae6f8dc-4fd","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Twilio","sameAs":"https://www.twilio.com/","logo":"https://logos.yubhub.co/twilio.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/twilio/jobs/7821462","x-work-arrangement":"remote","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":null,"x-skills-required":["security engineering","AI and machine learning security","multi-agent systems","AWS Strands","LangGraph","CrewAI","runtime isolation","PII redaction","indirect prompt injection","AI-specific frameworks","MITRE ATLAS","MAESTRO","OWASP Top 10 for LLMs/Agents/MCP","end-to-end AI pipelines","data ingestion","training","model deployment","monitoring","strong communication skills"],"x-skills-preferred":["modern application security tooling","SAST and SCA and DAST","identity standards","OAuth 2.1","PKCE","AI Red Teaming","adversarial simulations","Large Language Models","container security","workload isolation"],"datePosted":"2026-04-18T15:44:10.579Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Remote - Ireland"}},"jobLocationType":"TELECOMMUTE","employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"security engineering, AI and machine learning security, multi-agent systems, AWS Strands, LangGraph, CrewAI, runtime isolation, PII redaction, indirect prompt injection, AI-specific frameworks, MITRE ATLAS, MAESTRO, OWASP Top 10 for LLMs/Agents/MCP, end-to-end AI pipelines, data ingestion, training, model deployment, monitoring, strong communication skills, modern application security tooling, SAST and SCA and DAST, identity standards, OAuth 2.1, PKCE, AI Red Teaming, adversarial simulations, Large Language Models, container security, workload isolation"},{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_41528416-21c"},"title":"Staff+ Software Security Engineer","description":"About Anthropic
\nAnthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.
\nAbout the Team
\nThe Security Engineering team protects Anthropic's AI systems and maintains the trust of our users and society. We define the authentication architecture for our training infrastructure, design the cryptographic foundations that protect model weights and training data, and drive the developer security program that shapes how engineers build and ship software.
\nAbout the role:
\nDeveloper security and supply chain
\nIdentity and secrets management
\nInfrastructure security
\nSecure frameworks
\nYou may be a good fit if you have:
\nStrong candidates may also have:
\nDeadline to apply:
\nNone, applications will be received on a rolling basis.
\nThe annual compensation range for this role is listed below.
\nFor sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning the total amount of money an employee is expected to earn in a year, including bonuses and other forms of compensation.
\nXML job scraping automation by YubHub
","url":"https://yubhub.co/jobs/job_41528416-21c","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Anthropic","sameAs":"https://job-boards.greenhouse.io","logo":"https://logos.yubhub.co/anthropic.com.png"},"x-apply-url":"https://job-boards.greenhouse.io/anthropic/jobs/5120512008","x-work-arrangement":"hybrid","x-experience-level":"staff","x-job-type":"full-time","x-salary-range":"The annual compensation range for this role is listed below.\n\nFor sales roles, the range provided is the role’s On Target Earnings (\"OTE\") range, meaning the total amount of money an employee is expected to earn in a year, including bonuses and other forms of compensation.","x-skills-required":["Python","Go","Rust","C/C++","Kubernetes","RBAC","namespaces","network policies","service accounts","identity systems","cryptographic primitives","secrets management"],"x-skills-preferred":["Nix","Bazel","Kubernetes-based deploy systems","SPIFFE/SPIRE","mTLS","Linux systems internals","namespaces","cgroups","seccomp","container and workload isolation","multi-cloud environments","network segmentation","data protection","access governance","admission controllers","CNI-level policy","service mesh security","east-west traffic enforcement","runtime security monitoring","eBPF","kernel security policies"],"datePosted":"2026-03-08T13:52:38.657Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"San Francisco, CA | New York City, NY | Seattle, WA"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"Python, Go, Rust, C/C++, Kubernetes, RBAC, namespaces, network policies, service accounts, identity systems, cryptographic primitives, secrets management, Nix, Bazel, Kubernetes-based deploy systems, SPIFFE/SPIRE, mTLS, Linux systems internals, namespaces, cgroups, seccomp, container and workload isolation, multi-cloud environments, network segmentation, data protection, access governance, admission controllers, CNI-level policy, service mesh security, east-west traffic enforcement, runtime security monitoring, eBPF, kernel security policies"}]}