Senior Manager, Security Incident Response Team (USA)

Описание вакансии

GitLab is the intelligent orchestration platform for DevSecOps. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 50 million registered users and more than 50% of the Fortune 100\* trust GitLab to ship better, more secure software faster.

The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier, with all team members expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact. GitLab is where careers accelerate, innovation flourishes, and every voice is valued. Our high-performance culture is driven by our values and continuous knowledge exchange, enabling our team members to reach their full potential while collaborating with industry leaders to solve complex problems. Co-create the future with us as we build technology that transforms how the world develops software.

\*Fortune 500® is a registered trademark of Fortune Media IP Limited, used under license. Claim based on GitLab data. Fortune 100 refers to the top 20% ranked companies in the 2025 Fortune 500 list, published in June 2025. Fortune and Fortune Media IP Limited are not affiliated with, and do not endorse products or services of GitLab.

An overview of this role

We’re looking for a senior manager to lead the GitLab security incident response team (SIRT) in the Americas region. GitLab SIRT manages and investigates cybersecurity incidents for all GitLab operating environments and operates in a tierless SOC model. GitLab SIRT is responsible for threat hunting, alert triage, security investigations, deep dive DFIR, large scale incident response, among other responsibilities. This person should have a technical background, be comfortable leading a team that owns the full incident lifecycle from alert triage to incident retrospective actions, be skilled in leading large complex incidents, and training others to do the same.

We are looking for a person who makes good business decisions under pressure and someone who is always looking for opportunities to “shift left” and improve defenses, leveraging AI and automation where possible to optimize workflows. In this role you will develop incident responders and maintain a culture of high performance - leading incident response and defending GitLab infrastructure and products such as GitLab.com, GitLab Dedicated, and GitLab Dedicated for Government (FedRAMP).

This role requires availability during US West Coast business hours. Candidates based on the West Coast are preferred, though candidates in other time zones who are comfortable working these hours are also welcome to apply. This role may require some after hours and weekend time to support SIRT engineers during high severity incidents.

Find out more about the Security Operations Department here:

• Security Incident Response Team
• Trust and Safety Team
• Security Logging Team
• Red Team
• Signals Engineering Team

What you’ll do

• Serve as trusted advisor as part of the security division’s leadership team, actively shaping the program direction.
• Build and mature incident response runbooks, procedures, and capabilities.
• Provide leadership to multiple security operations team shifts that will sometimes require you to work on nights or weekends.
• Develop a culture of incident response excellence through a focus on investigation depth and accuracy.
• Lead cross-functional collaboration between peer SecOps teams, security departments, and extended support teams such as Legal, Customer Support, and Infrastructure.
• Foster a defense first mindset through actionable incident retrospective mitigations to close defense gaps, making GitLab a hard target for attackers.
• Lead a team of expert security engineers with experience in security automation, deep dive forensics and incident response, AI detection and response capabilities, and GitLab the product.
• Support response readiness and expertise about new GitLab corporate and product capabilities and features.
• Drive insights from the alerts, investigations, and incidents handled by SIRT to improve the security posture of GitLab.

What you’ll bring

• Experience assisting customers during high visibility and urgency security incidents and being comfortable representing GitLab Security during customer cybersecurity questions and escalations.
• Proven ability to deliver results across a global incident response team of 10+ engineers, and matrixed teams such as the Security division, and supporting R&D teams (Product, Engineering, Infrastructure, etc).
• Proven experience in incident response leadership and large scale incident coordination.
• Experience conducting investigations and log analysis using SIEM tools, such as Splunk or Elastic.
• Working knowledge of Google Cloud Platform (GCP) and/or AWS as well as cloud forensics
• Proficiency in proactive hunting based on threat intelligence
• Experience using GitLab (or a related DevSecOps platform like GitHub) for project tracking - Bonus points if you have experience responding to threats against a SaaS platform.
• A passion for investigation quality and depth of analysis - prioritizing quality over speed.
• Experience using AI/LLMs to automate and improve incident response processes and capabilities.
• An understanding of supply chain threats and how to defend a SaaS platform against such threats.

Due to government requirements, you must be a United States Citizen (defined as any individual who is a citizen of the United States by law, birth, or naturalization) to fill this position.

About the team

The Security Incident Response Team is a globally distributed team of incident response engineers split across three core regions; AMER, APAC and EMEA, and is at the forefront of security events that impact both GitLab’s products and company. We are both proactive and reactive, responding to security alerts, leading security investigations, conducting threat hunts and collaborating with peer Security Operations teams to conduct purple teaming exercises, build threat detections, improve security telemetry and investigate trending threats. Even though we’re a global team, we work together in a cross-regional manner and have automation and processes to facilitate collaboration when resolving incidents, handovers, and general collaboration for project work as well.

The base salary range for this role’s listed level is currently for residents of the United States only. This range is intended to reflect the role's base salary rate in locations throughout the US. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses, equity, or benefits. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary.

United States Salary Range

$168,000—$280,000 USD

How GitLab will support you

• Benefits to support your health, finances, and well-being
• Flexible Paid Time Off
• Team Member Resource Groups
• Equity Compensation & Employee Stock Purchase Plan
• Growth and Development Fund
• Parental leave
• Home office support

Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application.

Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process.

Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us.

GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process.