Remotery

Manager, Security Incident Response Team

at GitLab | United States | Full-time | Security Operations | Mid-level, Senior | $150k – $235k/year

Posted 1 hour ago

📋 Description

• Oversee daily team operations by setting clear objectives, performance standards, and accountability for direct reports; track progress and ensure timely delivery of high-quality outcomes.

• Cultivate and mentor incident responders by offering honest, real-time feedback; provide guidance on career advancement; and nurture a culture of investigative excellence, emphasizing thoroughness and precision in analysis.

• Actively identify and address talent shortages by engaging in hiring processes, focusing on candidates who will enhance GitLab's values and elevate the team's technical capabilities.

• Foster engagement and retention by acknowledging team members' contributions, promptly addressing engagement risks, and creating an environment that encourages open feedback and psychological safety.

• Communicate organizational context by translating division and company-wide strategies into clear, actionable priorities for the team; keep team members updated in a timely manner.

• Establish and refine incident response procedures by developing and enhancing runbooks, protocols, and team capabilities that convert strategic plans into tactical execution.

• Lead incident response efforts by acting as an escalation point and incident commander for high-severity events, which may include occasional nights and weekends; exemplify the standard for high-quality investigations.

• Facilitate cross-functional collaboration by effectively coordinating with peer SecOps teams, Legal, Customer Support, and Infrastructure to resolve incidents and address defense gaps through actionable retrospective mitigations.

• Align the team on defensive enhancements by deriving insights from alerts, investigations, and incidents to bolster GitLab's security posture and promote a "shift left" mentality.

• Advocate for remote-first practices by consistently modeling and mentoring team members on GitLab's remote working best practices, asynchronous communication norms, and handbook-first culture.


⛳️ Requirements

• Demonstrated experience in people management with a proven track record of leading and developing a team of security engineers, setting performance expectations, providing coaching, and ensuring accountability for outcomes.

• Leadership in incident response with practical experience in managing complex incident response operations, including large-scale incident coordination and overseeing the entire lifecycle from triage to retrospective.

• Hands-on technical expertise with experience in conducting security investigations and log analysis using SIEM tools (e.g., Splunk, Elastic); working knowledge of GCP and/or AWS, including cloud forensics.

• Customer-facing credibility, comfortable representing GitLab Security in customer escalations and high-profile cybersecurity discussions.

• Proactive threat hunting and intelligence skills, with proficiency in threat hunting based on intelligence and familiarity with supply chain threats targeting SaaS platforms.

• AI and automation approach, with experience utilizing AI/LLMs to enhance incident response workflows and automate repetitive tasks.

• Familiarity with platforms, especially experience using GitLab (or a similar DevSecOps platform) for project tracking; bonus points for experience addressing threats against a SaaS platform.

• Ability to prioritize under pressure, making sound operational decisions quickly, escalating issues appropriately, and guiding the team in balancing urgency with importance.

• Due to government regulations, you must be a United States Citizen (defined as any individual who is a citizen of the United States by law, birth, or naturalization) to qualify for this role.


🏝️ Benefits

• Comprehensive benefits to support your health, financial stability, and overall well-being.

• Flexible Paid Time Off.

• Access to Team Member Resource Groups.

• Equity Compensation & Employee Stock Purchase Plan.

• Growth and Development Fund.

• Parental Leave.
