Manager, Security Incident Response Team (USA)

Leads the Security Incident Response Team in the Americas, managing engineers through threat hunting, investigations, triage, and large-scale responses while coaching performance and driving process improvements using AI and automation.

150k – 235k | United States | Security Engineering | Remote

About the role

What You'll Do

  • Manage day-to-day team operations - establish clear goals, performance expectations, and accountability for direct reports; monitor progress and ensure timely delivery of quality results.
  • Develop and coach incident responders - provide candid, real-time feedback; advise on career growth; and foster a culture of investigation excellence, prioritizing depth and accuracy of analysis.
  • Proactively identify and fill talent gaps - participate in hiring decisions with a focus on candidates who will amplify GitLab's values and raise the team's technical bar.
  • Drive engagement and retention - recognize team member contributions, address engagement risks early, and create an environment of open feedback and psychological safety.
  • Cascade organizational context - translate division and company-wide strategy into clear, actionable team priorities; keep team members informed in a timely manner.
  • Implement and mature incident response processes - build and improve runbooks, procedures, and team capabilities that translate functional plans into tactical execution.
  • Lead incident response - serve as an escalation point and incident commander for high-severity events, including occasional nights and weekends; model the standard for quality investigations.
  • Enable cross-functional collaboration - coordinate effectively with peer SecOps teams, Legal, Customer Support, and Infrastructure to resolve incidents and close defense gaps through actionable retrospective mitigations.
  • Align the team on defensive improvements - drive insights from alerts, investigations, and incidents to improve GitLab's security posture and support a "shift left" mindset.
  • Champion remote-first practices - consistently model and coach team members on GitLab's remote working best practices, async communication norms, and handbook-first culture.

What You'll Bring

  • Proven people management experience - track record of managing and developing a team of security engineers, setting performance expectations, providing coaching, and driving accountability for results.
  • Incident response leadership - demonstrated experience leading complex incident response operations, including large-scale incident coordination and the full lifecycle from triage to retrospective.
  • Hands-on technical background - experience conducting security investigations and log analysis using SIEM tools (e.g., Splunk, Elastic); working knowledge of GCP and/or AWS, including cloud forensics.
  • Customer-facing credibility - comfortable representing GitLab Security during customer escalations and high-visibility cybersecurity discussions.
  • Proactive hunting and threat intelligence - proficiency in threat hunting based on intelligence, and familiarity with supply chain threats targeting SaaS platforms.
  • AI and automation mindset - experience using AI/LLMs to improve incident response workflows and automate repetitive processes.
  • Platform familiarity - experience using GitLab (or a comparable DevSecOps platform) for project tracking; bonus if you have experience responding to threats against a SaaS platform.
  • Prioritization under pressure - ability to make sound operational decisions quickly, escalate issues cleanly, and guide the team on balancing what is urgent versus what is important.

Skills

Splunk, Elastic, GCP, AWS, SIEM, GitLab, AI, LLMs, Threat Hunting, Incident Response, Cloud Forensics

IT Security Operations Engineer

IT Security Operations Engineer responsible for implementing DLP, email security, endpoint protection, Okta/Google Workspace hardening, automation, compliance evidence collection, and incident response in a hybrid healthcare AI startup.

150k – 190k | San Francisco, CA | Security Engineering | Hybrid | 4+ YOE | Go | Dlp

Security Engineer

Build and maintain security automation pipelines, AI agents, SOAR/SIEM integrations, vulnerability management, and IAM systems for a sports prediction market platform.

150k – 200k | New York, NY | Security Engineering | On-site | 5+ YOE | Cdk | IAM

Security Engineer (Purple Team)

Performs offensive security testing, penetration assessments, and risk analysis on vehicle software platforms and embedded systems. Collaborates with engineering teams to design secure architectures and implement mitigations for automotive products.

150k – 220k | Sunnyvale, CA | Security Engineering | On-site | C | C++

Infrastructure Security Engineer

Designs and secures core infrastructure for multi-tenant AI platform, focusing on container isolation, orchestration (Kubernetes), identity management, secrets handling, and cloud security across AWS/GCP. Requires production experience in cloud-native systems and builder mindset for hands-on implementation.

150k – 270k | New York, NY +1 | Security Engineering | Hybrid | AWS | GCP

Security GRC Specialist

Hands-on Security GRC Specialist owning compliance frameworks like SOC 2 and ISO 27001, driving audits, customer trust initiatives, and engineering collaborations to implement scalable security controls. Requires 3-7+ years experience with technical mindset in cloud environments.

150k – 270k | New York, NY +1 | Security Engineering | Hybrid | 3+ YOE | AWS | GCP