Principal Engineer, Software Supply Chain Security

At GitLab, we are not just an open-core software company; we are pioneers in developing the most advanced AI-powered DevSecOps Platform that serves over 100,000 organizations worldwide. Our mission is to empower individuals to contribute to and co-create the software that drives our modern world. By transforming consumers into contributors, we significantly accelerate human progress. Our platform bridges the gaps between teams and organizations, revolutionizing the possibilities in software development. Our innovative products, including Duo Enterprise and Duo Agent Platform, provide AI advantages at every phase of the Software Development Life Cycle (SDLC).We embrace AI as an essential productivity enhancer, encouraging all team members to integrate AI into their daily tasks to boost efficiency, foster innovation, and make a substantial impact. At GitLab, you will find a culture where careers thrive, innovation is celebrated, and every voice is heard. Our commitment to high performance is aligned with our core values and continuous knowledge sharing, allowing our team to reach their full potential while collaborating with industry experts to tackle complex challenges. Join us in co-creating the future as we develop technology that reshapes how software is created around the globe.Role OverviewAs the Principal Engineer for Software Supply Chain Security, you will be at the forefront of defining and executing the technical strategy that secures the construction and delivery of software on GitLab’s DevSecOps platform. You will provide architectural direction across multiple engineering teams, collaborating closely with infrastructure and CI/CD teams to fortify our pipelines, infrastructure, and access layers. Your contributions will play a critical role in shaping GitLab’s enterprise security framework within the rapidly evolving software supply chain security landscape. You will prioritize SLSA Level 3 compliance, secrets management, CI/CD security enhancements, and the foundational elements of GitLab’s global zero trust architecture. Additionally, you will mentor Staff Engineers and individual contributors, guiding essential technical decisions while acting as a key spokesperson for GitLab’s secure, mission-critical SaaS that supports millions of pipelines.Examples of our ongoing projects include:Achieving SLSA Level 3 compliance and provenance attestation across GitLab's offerings...

At GitLab, we are on a mission to revolutionize software development through our cutting-edge AI-powered DevSecOps Platform, trusted by over 100,000 organizations worldwide. Our goal is to empower everyone to contribute to and create the software that shapes our future. By fostering a culture where consumers become contributors, we accelerate human progress and innovation. Our platform facilitates seamless collaboration across teams and organizations, breaking down barriers and redefining the possibilities in software development. With products like Duo Enterprise and Duo Agent Platform, we integrate AI across the entire Software Development Life Cycle (SDLC) for maximum efficiency.At GitLab, we embrace AI as a fundamental productivity enhancer. Every team member is encouraged to weave AI into their daily tasks, driving innovation, efficiency, and impact. Join us where your career can soar, innovation is nurtured, and every voice is heard. Our high-performance culture, anchored by our core values, promotes continuous knowledge sharing, allowing our team members to achieve their full potential while working alongside industry leaders to tackle complex challenges. Join us in co-creating the future as we build technology that transforms how the world develops software.Role OverviewAs the Engineering Manager for Software Supply Chain Security: Pipeline Security, you will lead a dedicated team focused on enhancing the security and trustworthiness of GitLab CI pipelines for thousands of organizations. You will oversee the design and delivery of critical Software Supply Chain Security features, concentrating on CI job artifact security. This includes the implementation of the SLSA (Supply-chain Levels for Software Artifacts) framework in GitLab CI/CD and the integration of essential capabilities like SBOM, software composition analysis, and vulnerability management. Your role will involve treating your team as a product, ensuring team well-being, recruiting and nurturing a high-performing group of engineers, and working closely with Product Management and Security to fulfill roadmap commitments. Together, you will enhance users' ability to safeguard their software supply chains.Some examples of our projects:Pipeline Security Enhancements

At GitLab, we are at the forefront of innovation as an open-core software company, providing the most comprehensive AI-powered DevSecOps Platform utilized by over 100,000 organizations worldwide. Our mission is to empower everyone to contribute to the software that shapes our world. By fostering a culture of collaboration, we enable consumers to become contributors, accelerating human progress significantly. Our platform unifies teams and organizations, dismantling barriers, and redefining the realms of possibility in software development. Through our products like Duo Enterprise and Duo Agent Platform, our customers harness AI benefits throughout the Software Development Life Cycle (SDLC).Our team embodies the same principles we instill in our products, embracing AI as a vital productivity enhancer. Every team member is expected to integrate AI into their daily workflows to amplify efficiency, spark innovation, and drive meaningful impact. GitLab is where careers thrive, innovation flourishes, and every voice matters. Our high-performance culture, guided by our values and continuous knowledge exchange, empowers our team members to achieve their full potential while collaborating with industry leaders to tackle complex challenges. Join us in shaping the future as we develop technology that transforms global software development.Role OverviewAs part of our growth strategy, GitLab is expanding its Software Supply Chain Security (SSCS) product line to seize a massive market opportunity projected to be valued at $3-8 billion, with an expected enterprise adoption rate of 85% by 2028. Regulatory mandates such as EO 14028 and the EU Cyber Resilience Act, alongside a surge in supply chain attacks like SolarWinds and Shai-Hulud, underline the urgent demand for innovative security solutions.In your role as the Staff Product Manager for Software Supply Chain Security (SSCS), you will spearhead the strategy and delivery of a pioneering product line that secures every aspect surrounding the code, extending beyond the code itself. You will oversee a suite of product pillars within the software supply chain, encompassing provenance, attestation, signing and verification, Software Bill of Materials (SBOM), malicious package detection, and a dependency firewall. Reporting to the Security & Compliance product area, you will collaborate closely with engineering, UX, and cross-functional partners to translate complex frameworks such as SLSA into clear, valuable capabilities that address pressing security needs.

About UsAt Coalition, we are pioneering the concept of Active Insurance, aimed at preventing digital risks before they materialize. Established in 2017, Coalition integrates extensive insurance coverage with cutting-edge cybersecurity tools, empowering businesses to effectively manage and mitigate potential cyber threats.Here, the opportunity to create meaningful impact through innovative thinking is not just a possibility, it's a daily reality.About the RoleWe are seeking a highly skilled Principal Software Engineer to join our Security Engineering organization. This pivotal role involves tackling Wirespeed’s most intricate detection and integration workflows. You will take full ownership of essential backend services and integrations, overseeing everything from architecture and design to implementation, rollout, and quality assurance. Enjoy the freedom to define the technical trajectory of Wirespeed’s detection and enrichment systems while acting as a technical multiplier for the engineering team.ResponsibilitiesDesign and implement core backend services and integrations that enhance Wirespeed’s detection and enrichment platform.Manage high-impact integrations with critical security tools (such as EDR, identity providers, and SIEMs), focusing on reliability, performance, and maintainability.Collaborate with detection engineering and security operations to convert detection strategies into robust, production-quality logic and pipelines.Establish technical standards for code quality, testing, and observability, ensuring consistent adoption through design and code reviews.Mentor and guide senior engineers, assisting them in navigating complex architectural decisions and developing scalable, secure solutions.

Join Our Dynamic Team:As a key member of our Supply Chain team, you will take on the role of Supply Chain Specialist, responsible for procurement, inventory management, and demand forecasting for a specific product range, while enhancing the customer experience.Your role will involve maintaining production schedules with contracted manufacturers, ensuring that our Enterprise Resource Planning (ERP) software parameters are updated, and participating in the continuous improvement of supply chain processes.Your Daily Responsibilities:Prepare purchase orders to ensure uninterrupted product availability and timely delivery to customers.Manage delivery schedules with suppliers and contracted manufacturers.Cultivate strong supplier relationships.Keep the production schedule for finished products and subassemblies current in close collaboration with the sales team.Evaluate and manage stock levels across various warehouses to maintain supply consistency.Analyze sales forecast reports and stock shortages to guarantee product availability.Communicate delivery dates and shipping information with the sales team, customer service, and suppliers.Assist in mapping and enhancing supply chain processes, including procurement and logistics.Acquire necessary knowledge for entering and maintaining ERP software parameters.Oversee the return process to suppliers.Coordinate and perform administrative tasks related to the above responsibilities (accounts payable, transaction modifications, etc.).Support Accounts Payable and Logistics in reconciling shipping slips and invoices as needed.

Join Groupe Helios as a Supply Chain Agent where you will play a vital role in enhancing our supply chain operations. As part of our dynamic team, you will manage procurement processes, coordinate with suppliers, and ensure timely delivery of goods. This is an exciting opportunity for individuals passionate about logistics and supply chain management.

Telesat is seeking a dynamic and detail-oriented Supply Chain Contract Specialist to join our team in Ottawa. In this role, you will be responsible for managing and optimizing the supply chain contract processes to ensure efficiency and compliance. You will collaborate with various departments to support procurement activities and establish strong relationships with suppliers.

Join Future Works as a Fullstack EngineerAt Future Works, we are pioneering the future of operational transformation with cutting-edge AI and data systems. Our mission is to enhance sustainability and resilience through optimized resource utilization. As a team of 'Time Benders', we are redefining timelines for major companies across energy, real estate, data, and more.We are committed to creating exceptional, AI-driven solutions that surpass conventional service standards. Our journey is just beginning, and we aspire to become the leading Service-as-Software provider globally. Our ideal candidate is passionate about developing human-AI systems that empower teams and individuals alike, bringing energy and a drive for innovation.Your RoleAs a Fullstack Engineer, you will take charge of crafting a secure decision-support application that enhances operational efficiency. Your expertise will contribute to developing a robust web interface and backend services, enabling planners and stakeholders to confidently navigate complex operational data.In collaboration with Solutions Architects, Data Engineers, Business Analysts, and QA Engineers, you will translate intricate supply chain logic into a reliable, production-ready solution.Key ResponsibilitiesDesign and maintain the core React and TypeScript web application and backend services that facilitate planner workflows and decision support.Create data-rich interfaces including tables, filters, comparison views, dashboards, and visualizations that clarify complex outputs.Integrate optimization engines, model outputs, and business rules into product flows, ensuring recommendations are actionable and contextually relevant.Implement secure authentication and role-based access suitable for a high-scrutiny environment.Develop and manage APIs, background jobs, and orchestration to support data workflows and user responsiveness.Collaborate with Business Analysts and Subject Matter Advisors to convert operational rules and constraints into effective product features.

About Carfair Composites Carfair Composites specializes in fiber-reinforced plastic design and composite technology. As part of the NFI Group, Carfair supports propulsion-agnostic bus and coach mobility solutions, with manufacturing and distribution centers across North America, including Winnipeg, Manitoba. The company’s products serve a range of industries, including agriculture, automotive, construction, transportation, commercial, food processing, and medical. Role Overview This full-time onsite position is based in Winnipeg, Manitoba. The Director of Supply Chain Management leads all supply chain functions within the Fabrication (Fabco) division and reports to the Lead Director of Business Operations. The scope includes procurement, planning, materials management, and logistics. The director ensures efficient, compliant, and cost-effective movement of materials and finished goods, supporting business growth and service quality while managing risk. Why Carfair Composites? Work on projects advancing the electrification of mass mobility worldwide. Competitive salary and a comprehensive benefits package, effective immediately. Paid holidays and vacation time. Registered pension plan with a strong company match. Contribute to a better product, a better workplace, and a better world. Inclusive workplace culture that values every team member. On-the-job training in a continuous learning environment (Carfair invested $15.9 million in 2024). Opportunities for advancement within the NFI Group family of companies. Recognized as one of Manitoba’s Top 25 employers. Key Responsibilities Develop and execute a supply chain strategy that aligns with company goals and financial targets. Oversee procurement and sourcing, including supplier selection, contract negotiation, and supplier performance management to achieve quality, cost, and service standards. Lead demand and supply planning, along with materials management, to improve service levels and optimize working capital. Maintain inventory accuracy and integrity through effective controls and cycle counting, supporting manufacturing and financial goals. Direct logistics and transportation to ensure timely, compliant, and cost-effective delivery of products. Set and track key performance indicators (KPIs) to drive operational excellence.

About the Role Videotron is looking for a Supply Chain Intern to join the team in Montréal. This internship provides hands-on experience in the telecommunications sector, working closely with the procurement group. What You Will Do Assist with inventory management tasks Communicate with suppliers on routine matters Support data analysis projects for the procurement team What You’ll Gain Exposure to supply chain operations in a leading telecom company Opportunities to build practical skills in procurement and logistics Experience contributing to Videotron’s customer service mission

Join us as a Principal Software Engineer, where you'll play a pivotal role in designing and developing innovative software solutions that empower organizations to optimize their hiring processes. As a key member of our engineering team, you'll collaborate with top-tier talent, utilizing cutting-edge technologies to create software that redefines the future of recruitment.Lever, founded a decade ago, is on a mission to revolutionize the way companies attract and hire exceptional talent. Our platform is trusted by industry leaders like Netflix, Shopify, and Spotify, and we've established ourselves as innovators in the talent acquisition space. Recognized as the #1 workplace in San Francisco and a top employer in the United States, we take pride in our people-first culture and are committed to nurturing our talented workforce.

The Supply Chain Rotational Program Associate position at Arc'teryx Equipment Inc. is designed for recent graduates interested in starting a career in supply chain management. This full-time, permanent role is based at the North Vancouver Head Office and the Manufacturing facility in New Westminster. Candidates must have eligibility to work in Canada. Program Structure Associates participate in a rotational program that spans several teams within the Supply Chain organization. Each rotation is tailored to the individual's background and interests, providing hands-on experience and exposure to a range of supply chain functions. Key Responsibilities Collaborate with multiple supply chain teams to understand end-to-end processes Engage with senior leaders and mentors for guidance and support Share insights and learnings with the Supply Chain leadership team through presentations Reflect on career goals and lay the groundwork for future professional growth Team Environment The Arc'teryx Supply Chain team transforms product concepts into reality and manages delivery to guests, wholesale partners, and retail stores. The team works across eight specialized groups and partners with various external organizations to maintain an efficient flow of products.

Join our dynamic team at Kaseya as a Principal Software Engineer, where you will lead the design and implementation of innovative software solutions. You will collaborate with cross-functional teams, mentor junior engineers, and drive best practices in software development.

Who are we?At Cohere, our mission is to harness the power of intelligence for the benefit of humanity. We specialize in training and deploying cutting-edge models for developers and enterprises, enabling them to create innovative AI systems that deliver extraordinary experiences in content generation, semantic search, retrieval-augmented generation (RAG), and intelligent agents. Our endeavors are pivotal in accelerating the global adoption of AI technologies.We are dedicated to excellence in our craft. Each team member plays an essential role in enhancing the capabilities of our models and the value they provide to our clients. Our culture is built on hard work, rapid iteration, and a relentless focus on what is best for our customers.Cohere is comprised of a diverse team of researchers, engineers, designers, and more—each a leader in their field. We believe that diverse perspectives are crucial for creating exceptional products.Join us in our quest to shape the future of AI!About the RoleAre you passionate about secure software engineering? Do you aspire to be at the forefront of AI innovation and security? Our North team at Cohere is on the lookout for a Senior Software Engineer focusing on security to join us in our mission and make a substantial impact. This is not merely an advisory position; you will take ownership of and deliver production-level security features that our clients rely upon daily.Your Role:As a Senior Software Engineer with a specialization in security, your contributions will be vital in architecting and securing North's infrastructure. Your responsibilities will encompass:Software Development: Actively participate in the core development of security features like OIDC/OAuth flows and session management, ensuring the security of North's AI agents.Secure Coding: Write robust code to manage OIDC tokens, user claims, and sensitive information, following best practices for JWT validation and encryption.Authentication and Data Protection: Implement authentication protocols, including user login, token management, and authorization checks to safeguard data integrity.Tool Integration: Integrate new security tools to enhance North's capabilities.DevSecOps: Design and execute secret management in Kubernetes clusters, focusing on encryption and role-based access control (RBAC).Cross-functional Collaboration: Utilize strong communication skills to convey security best practices to stakeholders clearly and effectively.You may be a great fit if:You have 5+ years of experience in building secure software applications.You possess a deep understanding of security protocols and practices.You are proficient in coding languages and frameworks relevant to security development.You have a track record of successful collaboration in cross-functional teams.

What’s the Role?Join us as a Supply Chain Specialist where your passion for optimizing processes and making informed, data-driven decisions will shine. In this dynamic position, you will facilitate tactical procurement across diverse categories, foster robust supplier relationships, and ensure that our organization has access to the right products and services at the right time and value.What You’ll Be DoingSupporting the development of category strategy roadmaps and executing sourcing plans.Assisting in the creation and finalization of Master Service Agreements (MSAs), including pricing and commercial terms.Managing fixed-asset procurement and leasing requirements, along with tactical sourcing across multiple categories.Enhancing procurement and supply chain processes for continuous improvement.Identifying and assessing suppliers through Requests for Proposals (RFPs) and input from stakeholders.Spotting opportunities for supplier, SKU, or specification rationalization.Identifying cost savings and value-add opportunities within designated categories.Collaborating closely with suppliers and internal stakeholders to cultivate strong relationships.Working with teams across Canada and the U.S. to identify efficiencies and shared opportunities.Communicating procurement updates and category initiatives throughout the organization.Facilitating the smooth implementation of new category strategies and process changes.

Join our dynamic team at American Iron and Metal as a Supply Chain Specialist! In this vital role, you will contribute to optimizing our supply chain operations, ensuring efficiency and effectiveness in procurement processes. You will work closely with various departments to facilitate seamless operations and drive cost efficiency.

Our Mission at DotmaticsAt Dotmatics, we are convinced that the integration of science, data, and informed decision-making is essential for driving innovation forward.Our comprehensive portfolio encompasses cutting-edge solutions including Luma, LumaLab Connect, ELN Platform, Graphpad Prism, Geneious, SnapGene, Protein Metrics, OMIQ, FCS Express, LabArchives, NQuery, EasyPanel, MStar, SoftGenetics, and Virscidian.Join Us in Shaping the Future of ScienceWe envision a revolutionary Lab of the Future that will redefine the landscape of scientific research.We have developed the most extensive digital science platform globally, featuring best-in-class software applications utilized by over 2 million scientists. These applications coexist within a unified ecosystem, powered by a flexible and robust enterprise data platform. This is not mere static data; it represents dynamic, multi-dimensional decision-making.To achieve tomorrow's breakthroughs, scientific enterprises require enhanced effectiveness. Time is of the essence—illness and ecological challenges do not wait. We are relentless in our vision because the moment for innovation is now.Collaborative Team EnvironmentOur global team of over 800 professionals is dedicated to assisting customers in more than 180 countries. Together with our community of scientific users, we are accelerating scientific innovation to create a healthier, cleaner, and safer world.As a member of our collaborative global team, your contributions will have a meaningful impact, driving scientific progress and discovery. We provide a dynamic, remote-friendly environment that emphasizes integrity and collaboration, enabling you to thrive. Dotmatics is a company founded by scientists, for scientists. Together, we are the largest cloud-based scientific research R&D platform globally, and we need your expertise to continue our growth and pioneering efforts. Our Core Values: Science Driven. Customer Centric. Better Together.

Join Thinkific, a leading learning commerce platform, dedicated to transforming knowledge into impactful learning experiences. We integrate community, courses, and content with commerce to empower businesses to grow their revenue and reach millions of learners globally.With a dynamic team of over 300 Thinkers, we are committed to enhancing online learning, supporting educational enterprises, and making a tangible difference in the world. You will collaborate with passionate and innovative teammates who are dedicated to their craft and the audiences they serve.We prioritize a fair, inclusive, and human-centered hiring process. Our team is here to support you throughout your application journey, ensuring you are well-informed at every stage!We are seeking a Principal Software Engineer to elevate our engineering team at Thinkific. In this role, you will be a catalyst for excellence, promoting best practices and mentoring fellow engineers to enhance their skill sets. You will serve as a vital link between technical execution and business strategy, shaping the long-term technical roadmaps of our systems and architecture. You will articulate the technical features of our products, align ongoing work across multiple products with business objectives, and inspire your colleagues toward shared goals.Your key responsibilities will include:Leading a strategic technical area within R&D, ensuring that technical choices drive business success and impact.Owning the overall architecture and collaborating on task prioritization, implementation details, technology stack decisions, and system health across your domains, in alignment with the overarching technical strategy set by the Lead Architect.Partnering with engineering leaders and the Lead Architect to develop a roadmap and break tasks into manageable pieces for engineering teams.Guiding senior engineers in developing and maintaining systems and features within your oversight, ensuring alignment with the vision you have established.Collaborating with the Director of Engineering to stay informed about future business strategies and jointly manage domain ownership from both technical and strategic perspectives.Writing and reviewing technical documentation related to your business and technical domains while mentoring other engineers in the documentation process.

Location: Remote, Canada or US GitLab Inc. is hiring a Software Security Engineer to work remotely from Canada or the US. This role focuses on strengthening security across the GitLab product and developing tools that detect and prevent abuse on SaaS platforms. The position is part of the Trust and Safety team, which manages core abuse prevention systems and delivers features that help keep customers safe, such as Compromised Password Detection for GitLab.com. What you will do Implement security improvements directly within the GitLab product Develop and maintain tools to identify and prevent abuse on SaaS platforms Analyze abuse patterns and trends, designing systems to stop malicious user activity Support customer safety by building and maintaining prevention mechanisms Who this role suits This position is well suited to software engineers who want to move into security engineering. Experience working with large Ruby on Rails codebases is important. Formal security engineering experience is not required. Learn more Additional details about the Trust and Safety team and this role’s responsibilities can be found in the GitLab handbook and blog. For more on Compromised Password Detection, see this post.

Join our dynamic team at Segula Technologies as a Supply Chain Agent in Montreal. In this pivotal role, you will be responsible for optimizing supply chain processes, ensuring efficient logistics, and collaborating with various stakeholders to enhance operational efficiency. If you are passionate about supply chain management and thrive in a fast-paced environment, we want to hear from you!