Senior Manager, Security Incident Response Team (USA)

GitLab

6h•Remote

About The Position

We’re looking for a senior manager to lead the GitLab security incident response team (SIRT) in the Americas region. GitLab SIRT manages and investigates cybersecurity incidents for all GitLab operating environments and operates in a tierless SOC model. GitLab SIRT is responsible for threat hunting, alert triage, security investigations, deep dive DFIR, large scale incident response, among other responsibilities. This person should have a technical background, be comfortable leading a team that owns the full incident lifecycle from alert triage to incident retrospective actions, be skilled in leading large complex incidents, and training others to do the same. We are looking for a person who makes good business decisions under pressure and someone who is always looking for opportunities to “shift left” and improve defenses, leveraging AI and automation where possible to optimize workflows. In this role you will develop incident responders and maintain a culture of high performance - leading incident response and defending GitLab infrastructure and products such as GitLab.com, GitLab Dedicated, and GitLab Dedicated for Government (FedRAMP). This role requires availability during US West Coast business hours. Candidates based on the West Coast are preferred, though candidates in other time zones who are comfortable working these hours are also welcome to apply. This role may require some after hours and weekend time to support SIRT engineers during high severity incidents.

Requirements

Experience assisting customers during high visibility and urgency security incidents and being comfortable representing GitLab Security during customer cybersecurity questions and escalations.
Proven ability to deliver results across a global incident response team of 10+ engineers, and matrixed teams such as the Security division, and supporting R&D teams (Product, Engineering, Infrastructure, etc).
Proven experience in incident response leadership and large scale incident coordination.
Experience conducting investigations and log analysis using SIEM tools, such as Splunk or Elastic.
Working knowledge of Google Cloud Platform (GCP) and/or AWS as well as cloud forensics
Proficiency in proactive hunting based on threat intelligence
Experience using GitLab (or a related DevSecOps platform like GitHub) for project tracking
A passion for investigation quality and depth of analysis - prioritizing quality over speed.
Experience using AI/LLMs to automate and improve incident response processes and capabilities.
An understanding of supply chain threats and how to defend a SaaS platform against such threats.

Nice To Haves

Bonus points if you have experience responding to threats against a SaaS platform.

Responsibilities

Serve as trusted advisor as part of the security division’s leadership team, actively shaping the program direction.
Build and mature incident response runbooks, procedures, and capabilities.
Provide leadership to multiple security operations team shifts that will sometimes require you to work on nights or weekends.
Develop a culture of incident response excellence through a focus on investigation depth and accuracy.
Lead cross-functional collaboration between peer SecOps teams, security departments, and extended support teams such as Legal, Customer Support, and Infrastructure.
Foster a defense first mindset through actionable incident retrospective mitigations to close defense gaps, making GitLab a hard target for attackers.
Lead a team of expert security engineers with experience in security automation, deep dive forensics and incident response, AI detection and response capabilities, and GitLab the product.
Support response readiness and expertise about new GitLab corporate and product capabilities and features.
Drive insights from the alerts, investigations, and incidents handled by SIRT to improve the security posture of GitLab.