Principal Cybersecurity Incident Manager (USA)

About This RoleAI processing…

Key Responsibilities

• 1
  Incident Command & Crisis Leadership: Serve as the primary Incident Commander for critical and complex security events across GitLab.com and corporate infrastructure, providing decisive leadership during high-stress situations
• 2
  Cross-Functional Coordination: Orchestrate response efforts across Security Operations, Infrastructure, Legal, Engineering, Product, and executive stakeholders, maintaining clear communication streams and unified action plans
• 3
  Technical Collaboration Leadership: Lead technical calls and/or establish effective async collaboration during incidents, managing participant contributions, keeping discussions focused, and ensuring efficient progress toward resolution
• 4
  Blameless Post-Incident Reviews: Conduct comprehensive post-incident reviews and retrospectives, driving the creation of action items, process improvements, and systemic enhancements
• 5
  Playbook Development: Design, maintain, and continuously improve incident response playbooks, runbooks, and standard operating procedures for various incident scenarios in conjunction with SIRT engineers
• 6
  Process Engineering: Build and refine incident command frameworks, communication protocols, and escalation procedures that scale across a global, all-remote organization
• 7
  Training & Mentorship: Develop and deliver incident command training programs, mentor incident commanders at various levels, and build organizational muscle memory for effective incident response
• 8
  Stakeholder Communication: Translate technical incident details into clear, actionable communications for executive leadership, customers, and internal stakeholders
• 9
  Automation & Tooling: Identify opportunities for automation in incident response workflows and collaborate with engineering teams to build tools that enhance incident management capabilities
• 10
  Threat Landscape Awareness: Maintain deep understanding of current threat actors, attack vectors, and security trends to inform incident response preparedness
• 11
  10+ years of experience in information security, with at least 5 years focused on incident response, security operations, or related disciplines
• 12
  Demonstrated experience serving as Incident Commander for critical security events in complex, distributed environments
• 13
  Command Presence: Proven ability to lead and coordinate teams during high-stress, high-impact incidents with clarity, authority, and calm decisiveness
• 14
  Strong knowledge of attacker tactics, techniques, and procedures (eg MITRE ATT&CK framework)
• 15
  Technical proficiency with cloud infrastructure (GCP, AWS), container orchestration (Kubernetes), and modern application architectures
• 16
  Experience with security information and event management (SIEM) platforms, log analysis, and security monitoring tools
• 17
  Excellent written and verbal communication skills, including the ability to communicate technical concepts to non-technical stakeholders and executive leadership
• 18
  Demonstrated ability to build relationships and coordinate effectively across security, engineering, legal, and business teams
• 19
  Ability to identify systemic issues from incident patterns and drive organizational improvements
• 20
  Share our values , and work in accordance with those values
• 21
  Nice to haves: Experience working with / in Site Reliability Engineering (SRE), DevOps, or Infrastructure Engineering; Experience with GitLab the product and familiarity with DevSecOps practices; Experience working in an all-remote or distributed team environment

Requirements

• 10+ years of experience in information security, with at least 5 years focused on incident response, security operations, or related disciplines
• Strong knowledge of attacker tactics, techniques, and procedures (eg MITRE ATT&CK framework)
• Technical proficiency with cloud infrastructure (GCP, AWS), container orchestration (Kubernetes), and modern application architectures
• Experience with security information and event management (SIEM) platforms, log analysis, and security monitoring tools
• Nice to haves: Experience working with / in Site Reliability Engineering (SRE), DevOps, or Infrastructure Engineering; Experience with GitLab the product and familiarity with DevSecOps practices; Experience working in an all-remote or distributed team environment
• Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification.
• If you have a disability or special need that requires accommodation , please let us know during the recruiting process .

Perks & Benefits