Principal Engineer, Software Supply Chain Security

At GitLab, we are on a mission to revolutionize software development through our cutting-edge AI-powered DevSecOps Platform, trusted by over 100,000 organizations worldwide. Our goal is to empower everyone to contribute to and create the software that shapes our future. By fostering a culture where consumers become contributors, we accelerate human progress and innovation. Our platform facilitates seamless collaboration across teams and organizations, breaking down barriers and redefining the possibilities in software development. With products like Duo Enterprise and Duo Agent Platform, we integrate AI across the entire Software Development Life Cycle (SDLC) for maximum efficiency.At GitLab, we embrace AI as a fundamental productivity enhancer. Every team member is encouraged to weave AI into their daily tasks, driving innovation, efficiency, and impact. Join us where your career can soar, innovation is nurtured, and every voice is heard. Our high-performance culture, anchored by our core values, promotes continuous knowledge sharing, allowing our team members to achieve their full potential while working alongside industry leaders to tackle complex challenges. Join us in co-creating the future as we build technology that transforms how the world develops software.Role OverviewAs the Engineering Manager for Software Supply Chain Security: Pipeline Security, you will lead a dedicated team focused on enhancing the security and trustworthiness of GitLab CI pipelines for thousands of organizations. You will oversee the design and delivery of critical Software Supply Chain Security features, concentrating on CI job artifact security. This includes the implementation of the SLSA (Supply-chain Levels for Software Artifacts) framework in GitLab CI/CD and the integration of essential capabilities like SBOM, software composition analysis, and vulnerability management. Your role will involve treating your team as a product, ensuring team well-being, recruiting and nurturing a high-performing group of engineers, and working closely with Product Management and Security to fulfill roadmap commitments. Together, you will enhance users' ability to safeguard their software supply chains.Some examples of our projects:Pipeline Security Enhancements

At GitLab, we are at the forefront of innovation as an open-core software company, providing the most comprehensive AI-powered DevSecOps Platform utilized by over 100,000 organizations worldwide. Our mission is to empower everyone to contribute to the software that shapes our world. By fostering a culture of collaboration, we enable consumers to become contributors, accelerating human progress significantly. Our platform unifies teams and organizations, dismantling barriers, and redefining the realms of possibility in software development. Through our products like Duo Enterprise and Duo Agent Platform, our customers harness AI benefits throughout the Software Development Life Cycle (SDLC).Our team embodies the same principles we instill in our products, embracing AI as a vital productivity enhancer. Every team member is expected to integrate AI into their daily workflows to amplify efficiency, spark innovation, and drive meaningful impact. GitLab is where careers thrive, innovation flourishes, and every voice matters. Our high-performance culture, guided by our values and continuous knowledge exchange, empowers our team members to achieve their full potential while collaborating with industry leaders to tackle complex challenges. Join us in shaping the future as we develop technology that transforms global software development.Role OverviewAs part of our growth strategy, GitLab is expanding its Software Supply Chain Security (SSCS) product line to seize a massive market opportunity projected to be valued at $3-8 billion, with an expected enterprise adoption rate of 85% by 2028. Regulatory mandates such as EO 14028 and the EU Cyber Resilience Act, alongside a surge in supply chain attacks like SolarWinds and Shai-Hulud, underline the urgent demand for innovative security solutions.In your role as the Staff Product Manager for Software Supply Chain Security (SSCS), you will spearhead the strategy and delivery of a pioneering product line that secures every aspect surrounding the code, extending beyond the code itself. You will oversee a suite of product pillars within the software supply chain, encompassing provenance, attestation, signing and verification, Software Bill of Materials (SBOM), malicious package detection, and a dependency firewall. Reporting to the Security & Compliance product area, you will collaborate closely with engineering, UX, and cross-functional partners to translate complex frameworks such as SLSA into clear, valuable capabilities that address pressing security needs.

Who are we?At Cohere, our mission is to harness the power of intelligence for the benefit of humanity. We specialize in training and deploying cutting-edge models for developers and enterprises, enabling them to create innovative AI systems that deliver extraordinary experiences in content generation, semantic search, retrieval-augmented generation (RAG), and intelligent agents. Our endeavors are pivotal in accelerating the global adoption of AI technologies.We are dedicated to excellence in our craft. Each team member plays an essential role in enhancing the capabilities of our models and the value they provide to our clients. Our culture is built on hard work, rapid iteration, and a relentless focus on what is best for our customers.Cohere is comprised of a diverse team of researchers, engineers, designers, and more—each a leader in their field. We believe that diverse perspectives are crucial for creating exceptional products.Join us in our quest to shape the future of AI!About the RoleAre you passionate about secure software engineering? Do you aspire to be at the forefront of AI innovation and security? Our North team at Cohere is on the lookout for a Senior Software Engineer focusing on security to join us in our mission and make a substantial impact. This is not merely an advisory position; you will take ownership of and deliver production-level security features that our clients rely upon daily.Your Role:As a Senior Software Engineer with a specialization in security, your contributions will be vital in architecting and securing North's infrastructure. Your responsibilities will encompass:Software Development: Actively participate in the core development of security features like OIDC/OAuth flows and session management, ensuring the security of North's AI agents.Secure Coding: Write robust code to manage OIDC tokens, user claims, and sensitive information, following best practices for JWT validation and encryption.Authentication and Data Protection: Implement authentication protocols, including user login, token management, and authorization checks to safeguard data integrity.Tool Integration: Integrate new security tools to enhance North's capabilities.DevSecOps: Design and execute secret management in Kubernetes clusters, focusing on encryption and role-based access control (RBAC).Cross-functional Collaboration: Utilize strong communication skills to convey security best practices to stakeholders clearly and effectively.You may be a great fit if:You have 5+ years of experience in building secure software applications.You possess a deep understanding of security protocols and practices.You are proficient in coding languages and frameworks relevant to security development.You have a track record of successful collaboration in cross-functional teams.

Location: Remote, Canada or US GitLab Inc. is hiring a Software Security Engineer to work remotely from Canada or the US. This role focuses on strengthening security across the GitLab product and developing tools that detect and prevent abuse on SaaS platforms. The position is part of the Trust and Safety team, which manages core abuse prevention systems and delivers features that help keep customers safe, such as Compromised Password Detection for GitLab.com. What you will do Implement security improvements directly within the GitLab product Develop and maintain tools to identify and prevent abuse on SaaS platforms Analyze abuse patterns and trends, designing systems to stop malicious user activity Support customer safety by building and maintaining prevention mechanisms Who this role suits This position is well suited to software engineers who want to move into security engineering. Experience working with large Ruby on Rails codebases is important. Formal security engineering experience is not required. Learn more Additional details about the Trust and Safety team and this role’s responsibilities can be found in the GitLab handbook and blog. For more on Compromised Password Detection, see this post.

Discover OktaAt Okta, we are revolutionizing identity management. Our mission is to enable individuals to securely utilize any technology, anytime, on any device or application. Through our versatile Okta Platform and Auth0 Platform, we deliver secure access, authentication, and automation, placing identity at the forefront of business security and growth.We value diverse perspectives and experiences at Okta. We're not just seeking candidates who meet every requirement; instead, we are looking for lifelong learners who can enrich our team with their unique insights.Join us in creating a world where identity is in your hands.The TeamOur Workforce Identity Cloud Security Engineering group is at the cutting edge of innovation, turning visionary ideas into top-notch security software solutions that support large-scale, mission-critical applications. Our security engineering team possesses a unique skill set that merges security expertise with the ability to design, implement, and deploy security features seamlessly, enhancing product functionality without hindrance. We are committed to elevating customer safety and privacy through robust security services integrated with the Okta core product.The RoleWe are in search of a seasoned and enthusiastic Staff Software Security Engineer to join our Workforce Identity Cloud Security Engineering group. This role focuses on architecting and developing security solutions that strengthen our frameworks and infrastructure. You will be encouraged to implement defense-in-depth strategies, adhere to industry security standards, and uphold the principle of least privilege, thereby enhancing our security posture.This high-impact position is set within a security-focused, dynamic organization that is on the brink of significant growth and achievement. You will serve as a key liaison between the Security and Engineering teams, forging technical synergies and shaping the security roadmap. Your efforts will concentrate on enhancing security and privacy aspects across our services, executing on a weekly release schedule. You will have the autonomy to propose exciting new projects for our roadmap and engage in initiatives utilizing cutting-edge technologies. Join us and contribute to transforming the cloud computing landscape.What You Will DoCollaborate with engineering and security teams to define innovative security roadmap requirements.Advocate security best practices and promote secure coding methodologies.

About Us:At Cohere, our mission is to enhance intelligence for the betterment of humanity. We specialize in training and deploying cutting-edge models for developers and enterprises, empowering them to create remarkable AI-driven experiences such as content generation, semantic search, retrieval-augmented generation (RAG), and intelligent agents. We believe our efforts are pivotal in advancing the widespread integration of AI.We take immense pride in our creations, and each team member plays a crucial role in enhancing our models and delivering exceptional value to our clients. Our culture is rooted in hard work and agility, always prioritizing the needs of our customers.Cohere brings together a diverse team of researchers, engineers, designers, and more, all deeply passionate about their respective fields. We recognize that a variety of perspectives is key to developing outstanding products.Join our mission to shape the future of AI!Why This Position Matters:Are you driven by a passion for secure software development? Do you aspire to be at the forefront of AI innovation while ensuring enterprise security? Join Cohere's North team as a Senior Software Engineer focused on security, and make a meaningful impact.Your Responsibilities:In this pivotal role, you will be instrumental in constructing and securing the architecture of North, our AI workspace platform. Your key responsibilities will include:Designing and deploying security features for North, our AI workspace platform.Creating autonomous agents capable of interacting securely with sensitive enterprise data.Developing minimal code that operates in low-resource environments, adhering to rigorous deployment standards.Integrating new tools to enhance the security features of North.Reinventing solutions as needed to meet stringent security and privacy requirements, sometimes necessitating the development of custom solutions.Conducting application security testing to ensure your code withstands real-world threats.Ideal Candidate Profile:5+ years of experience in software engineering with a solid emphasis on developing user-facing security features.Proficient in Python with a proven track record of deploying production-level code.Strong analytical skills and a problem-solving mindset, capable of tackling complex challenges within security frameworks.Familiarity with security testing methodologies and tools.

About UsAt Coalition, we are pioneering the concept of Active Insurance, aimed at preventing digital risks before they materialize. Established in 2017, Coalition integrates extensive insurance coverage with cutting-edge cybersecurity tools, empowering businesses to effectively manage and mitigate potential cyber threats.Here, the opportunity to create meaningful impact through innovative thinking is not just a possibility, it's a daily reality.About the RoleWe are seeking a highly skilled Principal Software Engineer to join our Security Engineering organization. This pivotal role involves tackling Wirespeed’s most intricate detection and integration workflows. You will take full ownership of essential backend services and integrations, overseeing everything from architecture and design to implementation, rollout, and quality assurance. Enjoy the freedom to define the technical trajectory of Wirespeed’s detection and enrichment systems while acting as a technical multiplier for the engineering team.ResponsibilitiesDesign and implement core backend services and integrations that enhance Wirespeed’s detection and enrichment platform.Manage high-impact integrations with critical security tools (such as EDR, identity providers, and SIEMs), focusing on reliability, performance, and maintainability.Collaborate with detection engineering and security operations to convert detection strategies into robust, production-quality logic and pipelines.Establish technical standards for code quality, testing, and observability, ensuring consistent adoption through design and code reviews.Mentor and guide senior engineers, assisting them in navigating complex architectural decisions and developing scalable, secure solutions.

Join our dynamic team at Opendoor as a Software Engineer in Security Engineering. In this pivotal role, you will be responsible for designing, implementing, and maintaining robust security systems to protect our platform and user data. You will collaborate with cross-functional teams to identify vulnerabilities and develop effective security measures. If you are passionate about software development and cybersecurity, we want to hear from you!

About Carfair Composites Carfair Composites specializes in fiber-reinforced plastic design and composite technology. As part of the NFI Group, Carfair supports propulsion-agnostic bus and coach mobility solutions, with manufacturing and distribution centers across North America, including Winnipeg, Manitoba. The company’s products serve a range of industries, including agriculture, automotive, construction, transportation, commercial, food processing, and medical. Role Overview This full-time onsite position is based in Winnipeg, Manitoba. The Director of Supply Chain Management leads all supply chain functions within the Fabrication (Fabco) division and reports to the Lead Director of Business Operations. The scope includes procurement, planning, materials management, and logistics. The director ensures efficient, compliant, and cost-effective movement of materials and finished goods, supporting business growth and service quality while managing risk. Why Carfair Composites? Work on projects advancing the electrification of mass mobility worldwide. Competitive salary and a comprehensive benefits package, effective immediately. Paid holidays and vacation time. Registered pension plan with a strong company match. Contribute to a better product, a better workplace, and a better world. Inclusive workplace culture that values every team member. On-the-job training in a continuous learning environment (Carfair invested $15.9 million in 2024). Opportunities for advancement within the NFI Group family of companies. Recognized as one of Manitoba’s Top 25 employers. Key Responsibilities Develop and execute a supply chain strategy that aligns with company goals and financial targets. Oversee procurement and sourcing, including supplier selection, contract negotiation, and supplier performance management to achieve quality, cost, and service standards. Lead demand and supply planning, along with materials management, to improve service levels and optimize working capital. Maintain inventory accuracy and integrity through effective controls and cycle counting, supporting manufacturing and financial goals. Direct logistics and transportation to ensure timely, compliant, and cost-effective delivery of products. Set and track key performance indicators (KPIs) to drive operational excellence.

About RootlyAt Rootly, we are dedicated to transforming how organizations respond to incidents, striving to enhance reliability across all sectors. Our cutting-edge incident management platform empowers companies globally to address incidents swiftly and effectively. We're not just redefining an industry; we're pioneering a new multi-billion dollar segment and require exceptional talent to help us realize this ambitious vision.Our clients include some of the fastest-growing names in the world, such as NVIDIA, Figma, Canva, Tripadvisor, and Squarespace, who trust Rootly to streamline their critical incident management processes. They appreciate our robust, enterprise-ready platform and collaborative partnership model, consistently rating us 5 stars on G2.Our investors share our enthusiasm. Backed by prominent funds including Y Combinator, along with industry leaders from Dropbox and GitHub, we prioritize transparency in our culture. Monthly financial reviews keep our team informed about the business's health, and our weekly changelog keeps everyone updated on our developments.About the RoleAs a Senior Security Engineer, you will be instrumental in advancing our security initiatives, working closely with diverse teams to ensure the reliability and scalability of our products. You will design systems, tools, and solutions that secure our mission-critical applications while contributing to organization-wide efforts to automate, optimize, and enhance our security protocols.Develop security solutions that not only meet rigorous standards but also exceed the expectations of our developers and customers.Play a key role in vital security initiatives, including identity and access management, vulnerability management, incident response, security control implementation, and infrastructure security.Collaborate closely with engineering teams to deliver secure, reliable, and scalable solutions for our valued customers.With our expanding customer base, tackle intriguing technical challenges to scale our product effectively.Participate in the on-call rotation, swiftly addressing and resolving security incidents as they occur.

Join Groupe Helios as a Supply Chain Agent where you will play a vital role in enhancing our supply chain operations. As part of our dynamic team, you will manage procurement processes, coordinate with suppliers, and ensure timely delivery of goods. This is an exciting opportunity for individuals passionate about logistics and supply chain management.

Telesat is seeking a dynamic and detail-oriented Supply Chain Contract Specialist to join our team in Ottawa. In this role, you will be responsible for managing and optimizing the supply chain contract processes to ensure efficiency and compliance. You will collaborate with various departments to support procurement activities and establish strong relationships with suppliers.

About UsSophos is at the forefront of cybersecurity, delivering cutting-edge solutions designed to combat and thwart cyber threats. Following the acquisition of Secureworks in February 2025, we have merged two industry pioneers to transform the cybersecurity landscape with our innovative, AI-optimized services. As the largest dedicated provider of Managed Detection and Response (MDR), we serve over 28,000 organizations worldwide. Our comprehensive portfolio encompasses top-tier endpoint, network, email, and cloud security solutions that seamlessly integrate through the Sophos Central platform. With Secureworks' market-leading Taegis XDR/MDR, our offerings also include identity threat detection and response (ITDR), next-gen SIEM capabilities, and extensive advisory services. We protect more than 600,000 entities globally from phishing, ransomware, data breaches, and various cyber crimes, backed by real-time threat intelligence from our Sophos X-Ops and the Counter Threat Unit (CTU). Our headquarters are located in Oxford, U.K. For more details, visit www.sophos.com.Role Overview We are seeking a talented Senior Software Engineer to spearhead the product development lifecycle within our AI security team. In this role, you will be responsible for architecting and delivering AI-driven products, including LLM workflows, automation systems, and intelligent software, across both frontend and backend environments. This position offers a high degree of autonomy and encourages proactive problem-solving; you will have the opportunity to define challenges, make swift decisions, and exercise strong engineering judgment, directly influencing our approach to scaling and enhancing software solutions powered by AI.

About the Role MongoDB is looking for a Senior Software Engineer to join the Server Security team in Toronto. This group sits at the heart of MongoDB’s engineering organization, building security features that help users protect their data worldwide. The work spans core elements of the MongoDB database, with a focus on security, reliability, and performance. What You Will Work On Cryptography: Develop and maintain cryptographic features such as Queryable Encryption, at-rest encryption, and other foundational crypto components. Identity & Access: Design and improve authentication and authorization systems, manage TLS, and handle X.509 certificate processes. Network Security: Build high-performance networking protocols using PKI, hashing, and certificate revocation lists (CRLs). System Integrity: Strengthen resilience, observability, and compliance across MongoDB’s distributed database infrastructure. Team Culture The Server Security team values inclusivity, diversity, and close collaboration. Engineers here apply distributed systems concepts to advance the security of a widely used database platform. The work supports application developers, system architects, and database administrators around the globe.

About the Role Elastic is looking for a Senior Software Engineer to join the Security Platform Team. This position focuses on building and improving security solutions that help safeguard customer data and maintain system integrity. What You Will Do Design, develop, and enhance software for the Security Platform Work closely with teams across engineering, product, and operations Participate in code reviews to support quality and maintainability Contribute to agile development processes Location This role is open to candidates based in Canada.

Samsara builds Connected Operations Cloud technology that supports organizations in agriculture, construction, field services, transportation, and manufacturing. The platform uses IoT data to help these industries improve safety, efficiency, and sustainability. As a public company, Samsara empowers team members to influence the future of physical operations, offering both independence and support. Role overview The Senior Security Engineer - Enterprise Security focuses on building, operating, and maintaining security infrastructure for Samsara’s corporate environment. This position collaborates with a global engineering team to develop a security engineering program that follows current best practices. What you will do Work with stakeholders to design security solutions that balance protection with usability Develop automated alerting and response tools for security events Contribute insights on potential threats in production environments Mentor and support junior engineers within the security team Requirements Experience with a range of security technologies and practices Ability to collaborate with global engineering teams Strong communication skills for partnering with stakeholders Located in Canada within the Pacific Standard Time zone This is a fully remote position based in Canada, limited to candidates within the Pacific Standard Time zone.

Join Kubra as the Manager of Security Operations, where you will play a pivotal role in safeguarding our organizational assets and ensuring the safety of our operations. This leadership position requires a proactive approach to security management, involving the development and implementation of comprehensive security strategies. You will work closely with cross-functional teams to strengthen our security posture and mitigate risks effectively.

About Tailscale Tailscale is revolutionizing the Internet by providing software that facilitates secure connections between individuals and their devices, regardless of their location. Our platform is utilized daily by everyone from hobbyists to multinational corporations, helping teams of all sizes safeguard their networks and access internal tools seamlessly. Founded in 2019, our fully distributed team is backed by prominent investors including Accel, CRV, Insight, Heavybit, and Uncork Capital, and we are committed to creating a sensible and safe future for the Internet.Job DescriptionWe are on the lookout for a skilled Security Software Engineer to join our product security team. This role is critical for advancing Tailscale’s mission while enhancing user safety. Candidates should possess the ability to think critically, collaborate with highly technical teams, and thrive in an asynchronous work environment.

Join Homebase as a Staff Security Engineer specializing in Application Security in a hybrid work environment. In this pivotal role, you will be responsible for enhancing our security posture while ensuring that our applications remain safe and secure. You will collaborate with cross-functional teams to identify vulnerabilities, implement security controls, and promote best practices in application development.We seek a proactive individual who is passionate about cybersecurity and eager to contribute to building robust security solutions. You will play a key role in shaping the security framework of our applications.