Senior Security Engineer, Security Incident Response Team (SIRT)

GitLab · Remote (Remote, US)
Software Development

WFA Digital Insight

As the demand for cybersecurity experts continues to rise, with a 25% growth in job postings over the past year, roles like this Senior Security Engineer position at GitLab are in high demand. With the proliferation of remote work, companies are increasingly looking for professionals who can safeguard their digital infrastructure. GitLab, a leader in DevSecOps, stands out for its emphasis on innovation and operational efficiency. Candidates should be prepared to demonstrate their expertise in security incident response, automation, and AI-driven security solutions, as well as their ability to thrive in a fast-paced, global environment. Before applying, consider how your skills align with the company's values and the evolving landscape of cybersecurity threats.

Job Description

About the Role

The Senior Security Engineer position on GitLab's Security Incident Response Team (SIRT) is a critical role that involves defending the company's environment against evolving security threats. This role is part of a 24/7 global on-call model and operates during U.S. business hours, requiring the ability to work cooperatively in a global team setting. The successful candidate will leverage automation and AI-driven approaches to improve detection fidelity, accelerate investigations, and reduce response times.

As a key member of the SIRT, the Senior Security Engineer will own incidents end-to-end, from detection and triage through containment, eradication, and recovery. This involves partnering cross-functionally to strengthen GitLab's overall security posture and driving continuous improvements in defense, detection, and response capabilities. The role also supports GitLab's FedRAMP environment, necessitating U.S. citizenship and residency within the United States.

The company culture at GitLab values innovation, operational efficiency, and continuous knowledge exchange. The team is driven by a set of core values that emphasize collaboration, results, and transparency. As such, the ideal candidate will not only possess strong technical skills but also be able to work effectively in a collaborative, fast-paced environment.

What You Will Do

  • Lead and coordinate end-to-end incident response for high-severity security events within a 24/7 global on-call model.
  • Prepare clear executive communications that keep stakeholders informed during incidents.
  • Investigate complex security incidents across cloud environments, applying strong Digital Forensics and Incident Response (DFIR) methodologies.
  • Partner with Signals Engineering to design and implement detection capabilities, including SIEM use cases, alerting strategies, and telemetry pipelines.
  • Build and enhance automation and AI-assisted workflows to improve triage, investigation speed, and response consistency.
  • Partner with Threat Intelligence to contextualize threats and improve detection coverage.
  • Conduct root cause analysis (RCA) and lead post-incident reviews to drive continuous improvement and risk reduction.
  • Develop and maintain runbooks, playbooks, and operational documentation.
  • Collaborate with various teams to ensure the security and integrity of GitLab's systems and data.

What We Are Looking For

  • Strong experience in security incident response, preferably in a cloud environment.
  • Proficiency in Digital Forensics and Incident Response (DFIR) methodologies.
  • Experience with automation and AI-driven security solutions.
  • Ability to work effectively in a 24/7 global on-call model.
  • Strong communication and collaboration skills.
  • U.S. citizenship and residency within the United States.
  • Experience with cloud security, compliance, and risk management.
  • Knowledge of SIEM systems, alerting strategies, and telemetry pipelines.
  • Familiarity with threat intelligence and its application in security incident response.

Nice to Have

  • Experience with GitLab's products and services.
  • Knowledge of DevSecOps practices and principles.
  • Familiarity with Agile development methodologies.
  • Experience with machine learning and data analytics in security contexts.

Benefits and Perks

  • Competitive salary and equity package.
  • Comprehensive health, dental, and vision insurance.
  • Flexible PTO and remote work arrangements.
  • Professional development opportunities, including training and conference sponsorships.
  • Access to the latest tools and technologies in cybersecurity and DevSecOps.
  • Participation in a dynamic, collaborative work environment with a strong focus on innovation and transparency.
  • Opportunities for career growth and advancement within the company.

How to Stand Out

  • To stand out, emphasize your experience with automation and AI-driven security solutions, as well as your ability to work effectively in a fast-paced, global environment.
  • Ensure your resume and cover letter are tailored to the role, highlighting relevant skills and experiences in security incident response and cloud security.
  • Be prepared to discuss your approach to incident response, including how you leverage automation and AI to improve detection and response times.
  • Consider creating a portfolio that showcases your experience with security tools and technologies, as well as your ability to communicate complex security concepts to non-technical stakeholders.
  • When negotiating salary, be prepared to discuss your expectations based on industry standards and your level of experience, and be sure to inquire about additional benefits such as professional development opportunities and remote work stipends.
  • Watch for red flags such as a lack of transparency about the company culture or unrealistic expectations about workload or response times.

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.