Manager, Security Incident Response Team (USA)
About The Position
GitLab is seeking a Manager to lead the Security Incident Response Team (SIRT) in the Americas region. This role involves managing and investigating cybersecurity incidents across all GitLab operating environments within a tierless SOC model. The team is responsible for threat hunting, alert triage, security investigations, deep-dive DFIR, and large-scale incident response. The manager will oversee the day-to-day work of incident response engineers, setting performance expectations, coaching growth, and ensuring quality results. The ideal candidate will have a strong technical background, be comfortable owning the incident lifecycle, and skilled at developing others. This role requires making sound operational decisions under pressure, actively seeking opportunities to 'shift left' by improving defenses and leveraging AI/automation, and implementing program direction to defend GitLab infrastructure and products. The position requires availability during US West Coast business hours, with a preference for candidates on the West Coast, and may require some after-hours and weekend coverage for high-severity incidents.
Requirements
- Proven people management experience with a track record of managing and developing a team of security engineers.
- Demonstrated experience leading complex incident response operations, including large-scale incident coordination and the full lifecycle from triage to retrospective.
- Hands-on technical background with experience in security investigations and log analysis using SIEM tools (e.g., Splunk, Elastic).
- Working knowledge of GCP and/or AWS, including cloud forensics.
- Comfortable representing GitLab Security during customer escalations and high-visibility cybersecurity discussions.
- Proficiency in threat hunting based on intelligence.
- Familiarity with supply chain threats targeting SaaS platforms.
- Experience using AI/LLMs to improve incident response workflows and automate repetitive processes.
- Experience using GitLab (or a comparable DevSecOps platform) for project tracking.
- Ability to make sound operational decisions quickly, escalate issues cleanly, and guide the team on balancing urgent versus important tasks.
- Must be a United States Citizen.
Nice To Haves
- Experience responding to threats against a SaaS platform.
Responsibilities
- Manage day-to-day team operations, establishing clear goals, performance expectations, and accountability for direct reports.
- Develop and coach incident responders, providing feedback, advising on career growth, and fostering a culture of investigation excellence.
- Proactively identify and fill talent gaps by participating in hiring decisions.
- Drive engagement and retention by recognizing contributions, addressing risks, and creating an environment of open feedback and psychological safety.
- Cascade organizational context, translating strategy into clear, actionable team priorities.
- Implement and mature incident response processes, building and improving runbooks and procedures.
- Lead incident response, serving as an escalation point and incident commander for high-severity events, including occasional nights and weekends.
- Enable cross-functional collaboration with peer SecOps teams, Legal, Customer Support, and Infrastructure.
- Align the team on defensive improvements, driving insights to improve GitLab's security posture and support a 'shift left' mindset.
- Champion remote-first practices, modeling and coaching team members on best practices for remote working, async communication, and handbook-first culture.
Benefits
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental Leave
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Manager
Education Level
No Education Listed
