Key skills
AWSCloudGoogle Cloud PlatformKubernetesGCPGoogle CloudGitLabLeadershipCommunicationCollaboration
About this role
Role Overview
- Incident Command & Crisis Leadership: Serve as the primary Incident Commander for critical and complex security events across GitLab.com and corporate infrastructure, providing decisive leadership during high-stress situations
- Cross-Functional Coordination: Orchestrate response efforts across Security Operations, Infrastructure, Legal, Engineering, Product, and executive stakeholders, maintaining clear communication streams and unified action plans
- Technical Collaboration Leadership: Lead technical calls and/or establish effective async collaboration during incidents, managing participant contributions, keeping discussions focused, and ensuring efficient progress toward resolution
- Blameless Post-Incident Reviews: Conduct comprehensive post-incident reviews and retrospectives, driving the creation of action items, process improvements, and systemic enhancements
- Playbook Development: Design, maintain, and continuously improve incident response playbooks, runbooks, and standard operating procedures for various incident scenarios in conjunction with SIRT engineers
- Process Engineering: Build and refine incident command frameworks, communication protocols, and escalation procedures that scale across a global, all-remote organization
- Training & Mentorship: Develop and deliver incident command training programs, mentor incident commanders at various levels, and build organizational muscle memory for effective incident response
- Stakeholder Communication: Translate technical incident details into clear, actionable communications for executive leadership, customers, and internal stakeholders
- Automation & Tooling: Identify opportunities for automation in incident response workflows and collaborate with engineering teams to build tools that enhance incident management capabilities
- Threat Landscape Awareness: Maintain deep understanding of current threat actors, attack vectors, and security trends to inform incident response preparedness
Requirements
- 10+ years of experience in information security, with at least 5 years focused on incident response, security operations, or related disciplines
- Demonstrated experience serving as Incident Commander for critical security events in complex, distributed environments
- Command Presence: Proven ability to lead and coordinate teams during high-stress, high-impact incidents with clarity, authority, and calm decisiveness
- Strong knowledge of attacker tactics, techniques, and procedures (eg MITRE ATT&CK framework)
- Technical proficiency with cloud infrastructure (GCP, AWS), container orchestration (Kubernetes), and modern application architectures
- Experience with security information and event management (SIEM) platforms, log analysis, and security monitoring tools
- Excellent written and verbal communication skills, including the ability to communicate technical concepts to non-technical stakeholders and executive leadership
- Demonstrated ability to build relationships and coordinate effectively across security, engineering, legal, and business teams
- Ability to identify systemic issues from incident patterns and drive organizational improvements
- Share our values, and work in accordance with those values
- Nice to haves: Experience working with / in Site Reliability Engineering (SRE), DevOps, or Infrastructure Engineering; Experience with GitLab the product and familiarity with DevSecOps practices; Experience working in an all-remote or distributed team environment.
Tech Stack
- AWS
- Cloud
- Google Cloud Platform
- Kubernetes
Benefits
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental leave
- Home office support