Used Tools & Technologies
LLM
Required Skills & Competences
Each tag name is followed by an "@" symbol and a proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such a level.
Security @ 3
GCP @ 3
Hiring @ 3
Leadership @ 3
People Management @ 3
AWS @ 3
Communication @ 3
Customer Support @ 3
Splunk @ 3
AI @ 3
Details
GitLab is hiring a manager to lead the Security Incident Response Team (SIRT) in the Americas region. SIRT manages and investigates cybersecurity incidents across GitLab operating environments and operates in a tierless SOC model. The team is responsible for threat hunting, alert triage, security investigations, deep-dive DFIR, and large-scale incident response. This role emphasizes incorporating AI and automation into team workflows and requires availability during US West Coast business hours.
Responsibilities
- Manage day-to-day team operations: establish goals, performance expectations, and accountability; monitor progress and ensure timely delivery of quality results.
- Develop and coach incident responders: provide candid, real-time feedback; advise on career growth; foster a culture of investigation excellence prioritizing depth and accuracy.
- Participate in hiring and proactively fill talent gaps to raise the team's technical bar.
- Drive engagement and retention: recognize contributions and address engagement risks early.
- Cascade organizational context: translate division and company strategy into clear, actionable team priorities.
- Implement and mature incident response processes: build and improve runbooks, procedures, and team capabilities.
- Lead incident response: serve as escalation point and incident commander for high-severity events (occasional nights/weekends may be required).
- Enable cross-functional collaboration with peer SecOps teams, Legal, Customer Support, and Infrastructure to resolve incidents and close defense gaps.
- Align the team on defensive improvements: drive insights from alerts, investigations, and incidents to improve GitLab's security posture and support a "shift left" mindset.
- Champion remote-first practices and model GitLab's async communication norms and handbook-first culture.
Requirements
- Proven people management experience managing and developing security engineers, setting performance expectations, providing coaching, and driving accountability.
- Incident response leadership with experience leading complex incident response operations and the full lifecycle from triage to retrospective.
- Hands-on technical background conducting security investigations and log analysis using SIEM tools (e.g., Splunk, Elastic).
- Working knowledge of GCP and/or AWS, including cloud forensics.
- Comfortable representing GitLab Security during customer escalations and high-visibility cybersecurity discussions (customer-facing credibility).
- Proficiency in proactive threat hunting and familiarity with threat intelligence and supply chain threats targeting SaaS platforms.
- Experience using AI/LLMs and automation to improve incident response workflows and automate repetitive processes.
- Familiarity with GitLab or comparable DevSecOps platforms; bonus for experience responding to threats against a SaaS platform.
- Ability to prioritize under pressure and make sound operational decisions quickly.
- Due to government requirements, applicants must be United States citizens.
Location & Hours
- Remote (United States). Candidates must be based in the US and be available during US West Coast business hours; West Coast–based candidates preferred. Some after-hours and weekend coverage may be required.
Compensation
- United States base salary range: $150,000 - $235,000 USD (base salary only; does not include bonuses, equity, or benefits).
About the Team
- SIRT is a globally distributed team across AMER, APAC, and EMEA. The team responds to security alerts, leads security investigations, conducts threat hunts, collaborates on purple teaming exercises, builds threat detections, improves telemetry, and investigates trending threats.
Benefits
- Flexible Paid Time Off and benefits supporting health, finances, and well-being.
- Team Member Resource Groups, Equity Compensation & Employee Stock Purchase Plan, Growth and Development Fund, Parental Leave.