Principal Cybersecurity Incident Manager

About the role

Join GitLab as a Principal Cybersecurity Incident Manager, where you will lead and coordinate critical security incident response across various environments. As the primary authority during high-impact security events, you will orchestrate cross-functional teams, manage incident lifecycles, and drive continuous improvement in incident response capabilities. You will also build upon and mature the incident command function, develop incident command training programs, and maintain a deep understanding of the current threat landscape. Key missions: Coordination and leadership of critical security incident response across various environments.. Management of incident lifecycles from detection through resolution, driving continuous improvement in incident response capabilities.. Development and delivery of incident command training programs, mentoring incident commanders at various levels. Profile: - Ability to identify systemic issues from incident patterns and drive organizational improvements - Command Presence: Proven ability to lead and coordinate teams during high-stress, high-impact incidents with clarity, authority, and calm decisiveness - Share our values, and work in accordance with those values - Demonstrated ability to build relationships and coordinate effectively across security, engineering, legal, and business teams - Strong knowledge of attacker tactics, techniques, and procedures (eg MITRE ATT&CK framework) - 10+ years of experience in information security, with at least 5 years focused on incident response, security operations, or related disciplines - Demonstrated experience serving as Incident Commander for critical security events in complex, distributed environments - Technical proficiency with cloud infrastructure (GCP, AWS), container orchestration (Kubernetes), and modern application architectures - Excellent written and verbal communication skills, including the ability to communicate technical concepts to non-technical stakeholders and executive leadership - Experience with security information and event management (SIEM) platforms, log analysis, and security monitoring tools - Nice to haves: Experience working with / in Site Reliability Engineering (SRE), DevOps, or Infrastructure Engineering; Experience with GitLab the product and familiarity with DevSecOps practices; Experience working in an all-remote or distributed team environment - Many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application