Senior Manager, Security Incident Response Team (USA)

We’re looking for a senior manager to lead the GitLab security incident response team (SIRT) in the Americas region. GitLab SIRT manages and investigates cybersecurity incidents for all GitLab operating environments and operates in a tierless SOC model. GitLab SIRT is responsible for threat hunting, alert triage, security investigations, deep dive DFIR, large scale incident response, among other responsibilities. This person should have a technical background, be comfortable leading a team that owns the full incident lifecycle from alert triage to incident retrospective actions, be skilled in leading large complex incidents, and training others to do the same. 

We are looking for a person who makes good business decisions under pressure and someone who is always looking for opportunities to “shift left” and improve defenses, leveraging AI and automation where possible to optimize workflows. In this role you will develop incident responders and maintain a culture of high performance - leading incident response and defending GitLab infrastructure and products such as GitLab.com, GitLab Dedicated, and GitLab Dedicated for Government (FedRAMP). 

This role requires availability during US West Coast business hours. Candidates based on the West Coast are preferred, though candidates in other time zones who are comfortable working these hours are also welcome to apply. This role may require some after hours and weekend time to support SIRT engineers during high severity incidents. 

Find out more about the Security Operations Department here:

• Security Incident Response Team
• Trust and Safety Team
• Security Logging Team
• Red Team
• Signals Engineering Team

What you’ll do  

• Serve as trusted advisor as part of the security division’s leadership team, actively shaping the program direction. 
• Build and mature incident response runbooks, procedures, and capabilities. 
• Provide leadership to multiple security operations team shifts that will sometimes require you to work on nights or weekends.
• Develop a culture of incident response excellence through a focus on investigation depth and accuracy. 
• Lead cross-functional collaboration between peer SecOps teams, security departments, and extended support teams such as Legal, Customer Support, and Infrastructure. 
• Foster a defense first mindset through actionable incident retrospective mitigations to close defense gaps, making GitLab a hard target for attackers. 
• Lead a team of expert security engineers with experience in security automation, deep dive forensics and incident response, AI detection and response capabilities, and GitLab the product. 
• Support response readiness and expertise about new GitLab corporate and product capabilities and features.
• Drive insights from the alerts, investigations, and incidents handled by SIRT to improve the security posture of GitLab.                     

What you’ll bring 

• Experience assisting customers during high visibility and urgency security incidents and being comfortable representing GitLab Security during customer cybersecurity questions and escalations. 
• Proven ability to deliver results across a global incident response team of 10+ engineers, and matrixed teams such as the Security division, and supporting R&D teams (Product, Engineering, Infrastructure, etc).
• Proven experience in incident response leadership and large scale incident coordination. 
• Experience conducting investigations and log analysis using SIEM tools, such as Splunk or Elastic. 
• Working knowledge of Google Cloud Platform (GCP) and/or AWS as well as cloud forensics
• Proficiency in proactive hunting based on threat intelligence
• Experience using GitLab (or a related DevSecOps platform like GitHub) for project tracking - Bonus points if you have experience responding to threats against a SaaS platform.
• A passion for investigation quality and depth of analysis - prioritizing quality over speed. 
• Experience using AI/LLMs to automate and improve incident response processes and capabilities.  
• An understanding of supply chain threats and how to defend a SaaS platform against such threats. 

 Due to government requirements, you must be a United States Citizen (defined as any individual who is a citizen of the United States by law, birth, or naturalization) to fill this position.

About the team

The Security Incident Response Team is a globally distributed team of incident response engineers split across three core regions; AMER, APAC and EMEA, and is at the forefront of security events that impact both GitLab’s products and company. We are both proactive and reactive, responding to security alerts, leading security investigations, conducting threat hunts and collaborating with peer Security Operations teams to conduct purple teaming exercises, build threat detections, improve security telemetry and investigate trending threats. Even though we’re a global team, we work together in a cross-regional manner and have automation and processes to facilitate collaboration when resolving incidents, handovers, and general collaboration for project work as well.