Gitlab hero border pattern left svg Gitlab hero border pattern right svg

Security Incident Response Team

As members of GitLab's Security Operations sub department, the Security Incident Response Team detects, manages, and remediates security incidents across GitLab. Members of the Security Incident Response Team (SIRT) are the fire fighters of the GitLab Security department. SIRT works to create and maintain a safe and secure operating environment for the organization and its customers and responds to active security incidents. As a Security Engineer on SIRT you will build and maintain the tools we use to detect and respond to emerging threats in efficient and scalable ways, respond to security incidents and drive them to resolution, and develop and deploy preventative security measures for the GitLab organization and GitLab.com. Successful Security Engineers thrive in high-stress environments and can think like both an attacker and defender, engage with and mentor more junior Security Engineers, and can help come up with proactive and preventative security measures to keep GitLab and its user’s data safe in an ever changing threat landscape.

Responsibilities

  • Detect and respond to company-wide security incidents, coordinating cross-functional teams to mitigate and eradicate threats
  • Monitor and analyze emerging threats, vulnerabilities and exploits
  • Develop and implement scalable preventative security measures (detection, monitoring, exploitation)
  • Incorporate current security trends, advisories, publications, and academic research
  • Communicate risks and mitigations across multiple audiences

Requirements

  • Ability to use GitLab
  • Experience with designing and implement processes and tools to improve incident handling and resolution
  • Technical knowledge of systems in a multi-tenant, cloud environment
  • Proficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical details
  • Share our values, and work in accordance with those values

Levels

Security Incident Response Team Engineer (Intermediate)

This position reports to the Manager, Security Incident Response Team.

Security Incident Response Team Engineer (Intermediate) Job Grade

The Security Incident Response Team Engineer is a grade 6.

Security Incident Response Team Engineer (Intermediate) Responsibilities

  • Detect and respond to basic security incidents across the organization or GitLab.com
  • Implement and monitor security measures for the protection of corporate and production infrastructure
  • Utilize log ingestion platform for security analytics and identification of tactics, techniques and patterns of attackers
  • Contribute to creation of runbooks
  • Contribute to the production and tuning of detection rules
  • Participate in the Security Incident Response Team on-call rotation
  • Digital forensics & incident response (DFIR)
  • Identify and mitigate complex security vulnerabilities before an attacker exploits them

Security Incident Response Team Engineer (Intermediate) Requirements

  • A minimum of 2 years experience working with incident response
  • Good written and verbal communication skills
  • Experience using log analysis platforms such as splunk, ELK, bigquery, etc
  • Familiarity with Google Cloud Platform (GCP), AWS, and/or Azure
  • Substantial engineering mindset

Senior Security Incident Response Team Engineer

This position reports to the Manager, Security Incident Response Team.

Senior Security Incident Response Team Engineer Job Grade

The Senior Security Incident Response Team Engineer is a grade 7.

Senior Security Incident Response Team Engineer Responsibilities

  • Extends Security Incident Response Engineer responsibilities, plus;
  • Detect and independently respond to security incidents across the organization or GitLab.com
  • Conduct proactive threat hunting based on threat intel
  • Perform forensic analysis of infected hosts independently
  • Analyze network traffic and identify attacker activity
  • Mentor other members of the Security Incident Response Team
  • Build and maintain scalable log ingestion and analytics platforms and tooling
  • Perform root cause analysis (RCA) and incident reviews

Senior Security Incident Response Team Engineer Requirements

  • 5+ years of demonstrated experience in web or cloud security engineering, log aggregation, and/or penetration testing
  • A minimum of 2 years experience working with incident response
  • Excellent written and verbal communication skills
  • Capability to build working relationships with key stakeholders
  • Experience with operating system internals and hardening, web application and browser security, and monitoring and intrusion detection

Staff Security Incident Response Team Engineer

This position reports to the Manager, Security Incident Response Team.

Staff Security Incident Response Team Engineer Job Grade

The Staff Security Incident Response Team Engineer is a grade 8.

Staff Security Incident Response Team Engineer Responsibilities

  • Extends Senior Security Incident Response Engineer responsibilities, plus;
  • SME in incident response, mentoring and training other members of the Security Incident Response Team
  • Participate in the Security Incident Manager on-call rotation
  • Lead the design, evaluation, implementation and deployment of new security technologies
  • Maintain knowledge of emerging threats, security technologies and academic research for application in the protection of the organization and GitLab.com
  • Lead efforts to design and collect incident response metrics and improve efficiency and effectiveness of incident response plans

Staff Security Incident Response Team Engineer Requirements

  • 10 years of demonstrated experience in web or cloud security engineering, log aggregation, and/or penetration testing
  • Profound knowledge of attack and mitigation methods
  • Experience with secure network design, firewalls, authentication and authorization systems
  • Experience with threat modeling
  • Experience in the development of security tools and automation

Manager, Security Incident Response Team

This position reports to the Senior Manager, Security Incident Response Team.

Manager, Security Incident Response Team Job Grade

The Security Incident Response Team Manager is a grade 8.

Manager, Security Incident Response Team Responsibilities

  • Hire a world class team of security engineers to work on their team
  • Help their team grow their skills and experience
  • Provide input on security architecture, issues, and features
  • Hold regular 1:1's with all members of their team
  • Create a sense of psychological safety on their team
  • Be your team's role model in terms of positive thinking, de-escalating conflict, and taking time off
  • Identify the need to, and drive the implementation of security-related technical and process improvements
  • Author project plans for security initiatives
  • Draft and successfully deliver on quarterly OKRs
  • Train team members to screen candidates and conduct engineering interviews
  • Build a substantial, collaborative partnership with Legal, Infrastructure, Development and Product departments
  • Assume the role of an Incident Manager during larger security events

Manager, Security Incident Response Team Requirements

  • Proven track record as an experienced member of Security Operations or Incident Response teams - either as an Individual Contributor or as a Manager
  • Experience with leading Security or security-focused Site Reliability teams
  • Experience with working at a SaaS, or product company
  • Excellent written and verbal communication skills, especially experience with executive-level communications
  • Capability to make concrete progress in the face of ambiguity and imperfect knowledge
  • Being comfortable with often not being in control of their time (because security events don't care about anyone's plans)
  • Being comfortable with very frequent context switching
  • Willingness to be part of the Security Manager On-Call rotation
  • Robust understanding of security issues, mitigations, and a solid grasp of the current global threat landscape
  • Experience with the role of an incident manager during medium and large scale security events
  • First hand experience with major cloud providers - GCP, AWS, Azure, Digital Ocean
  • Alignment with Manager responsibilities as outlined in Leadership at GitLab

Senior Manager, Security Incident Response Team

This role reports to the Director of Security Operations.

Senior Manager, Security Incident Response Team Job Grade

The Security Incident Response Team Senior Manager is a grade 9.

Senior Manager, Security Incident Response Team Responsibilities

  • Extends Manager, Security Incident Response Team responsibilities, plus;
  • Provide tactical oversight of the teams' daily efforts
  • Maintain vision for the teams' immediate and near-term future
  • Develop and maintain teams' KPIs
  • Be your teams' role model in terms of positive thinking, de-escalating conflict, and taking time off
  • Help teams prioritise efforts and ensure they align with the overall direction of the company
  • Draft and successfully deliver on quarterly OKRs
  • Train team members to screen candidates and conduct managerial interviews
  • Build a substantial, collaborative partnership with your peers in the Legal, Infrastructure, IT, Development and Product departments
  • Being part of the Security Escalation On-Call rotation

Senior Manager, Security Incident Response Team Requirements

  • Experience with leading people managers
  • Experience with leading Security or security-focused Site Reliability teams
  • Experience with working at a SaaS, or product company
  • Excellent written and verbal communication skills, especially experience with executive-level communications
  • Capability to make concrete progress in the face of ambiguity and imperfect knowledge
  • Being comfortable with rapid context switching
  • Willingness to be part of the Security Escalation On-Call rotation
  • Robust understanding of security issues, mitigations, and a solid grasp of the current global threat landscape
  • Experience with the role of an incident manager during large scale security events
  • Familiarity with major cloud providers - GCP, AWS, Azure, Digital Ocean
  • Alignment with Manager responsibilities as outlined in Leadership at GitLab.

Performance Indicators

Career Ladder

graph LR; sec:se(Security Incident Response Engineer)-->sec:sse(Senior Security Incident Response Engineer); sec:sse(Senior Security Incident Response Engineer)-->sec:stse(Staff Security Incident Response Engineer); sec:stse(Staff Security Incident Response Engineer)-->sec:dse(Distinguished Security Incident Response Engineer); sec:sse(Senior Security Incident Response Engineer)-->sec:sem(Security Incident Response Manager); sec:sem(Security Incident Response Manager)-->sec:sesm(Security Incident Response Senior Manager); sec:sesm(Security Incident Response Senior Manager)-->sec:ds(Director of Security Operations);

For details on the Security organization leadership roles, to include the Security Operations Director and VP of Security, see the Security Leadership page.

Hiring Process

Candidates for this position can expect the hiring process to follow the order below. Please keep in mind that candidates can be declined from the position at any stage of the process.

  • Qualified candidates will be invited to schedule a 30 minute screening call with one of our Global Recruiters.
  • Next, candidates will be invited to schedule an interview with Security Incident Response Team Manager
  • Candidates will then be invited to schedule an interview with Senior Security Incident Response Team Engineer, Red Team Manager, Trust & Safety Manager
  • Candidates will then be invited to schedule an interview with Director of Security Operations
  • Successful candidates will subsequently be made an offer via email

Additional details about our process can be found on our hiring page.

About GitLab

GitLab Inc. is a company based on the GitLab open-source project. GitLab is a community project to which over 2,200 people worldwide have contributed. We are an active participant in this community, trying to serve its needs and lead by example. We have one vision: everyone can contribute to all digital content, and our mission is to change all creative work from read-only to read-write so that everyone can contribute.

We value results, transparency, sharing, freedom, efficiency, self-learning, frugality, collaboration, directness, kindness, diversity, inclusion and belonging, boring solutions, and quirkiness. If these values match your personality, work ethic, and personal goals, we encourage you to visit our primer to learn more. Open source is our culture, our way of life, our story, and what makes us truly unique.

Top 10 reasons to work for GitLab:

  1. Work with helpful, kind, motivated, and talented people.
  2. Work remote so you have no commute and are free to travel and move.
  3. Have flexible work hours so you are there for other people and free to plan the day how you like.
  4. Everyone works remote, but you don't feel remote. We don't have a head office, so you're not in a satellite office.
  5. Work on open source software so you can interact with a large community and can show your work.
  6. Work on a product you use every day: we drink our own wine.
  7. Work on a product used by lots of people that care about what you do.
  8. As a company we contribute more than we take, most of our work is released as the open source GitLab CE.
  9. Focused on results, not on long hours, so that you can have a life and don't burn out.
  10. Open internal processes: know what you're getting in to and be assured we're thoughtful and effective.

See our culture page for more!

Work remotely from anywhere in the world. Curious to see what that looks like? Check out our remote manifesto and guides.

Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license