Senior Security Engineer, Security Incident Response Team

Senior Security Engineer, Security Incident Response Team (SIRT). Remote, EMEA. GitLab is an open-core software company that develops the AI-powered DevSecOps Platform used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. Co-create the future with us as we build technology that transforms how the world develops software.

An overview of this role

As a Senior Security Engineer on GitLab's Security Incident Response Team (SIRT), you will be on the frontline of protecting both GitLab.com and GitLab the company from security threats.

Work schedule

This role follows a compressed four-day workweek, with standard full-time hours spread across four extended shifts. To ensure 24/7/365 security coverage, team members work one of two schedules:

• Sunday through Wednesday
• Wednesday through Saturday

Your primary focus will be detecting and responding to security incidents during your scheduled shifts. You will work extensively with incident response automation tools to investigate, analyze, and resolve security events. You will also have opportunities to contribute to security tooling and automation to improve detection and response capabilities.

Role focus

You will develop expertise using our security infrastructure to monitor for threats, analyze potential incidents, and coordinate response across teams. This is ideal for someone who wants to grow incident response skills within GitLab's security framework, learning to think tactically and strategically while gaining hands-on experience handling real-world incidents.

Expected mindset

Successful Security Engineers thrive in high-pressure environments, remain calm while following runbooks, and think critically about security challenges. You will learn to think like both an attacker and defender, developing proactive security measures to protect GitLab and user data. Through hands-on experience and mentorship, you will build skills to anticipate risks, respond effectively to incidents, and contribute to GitLab's security posture.

Team context

Find out more about the Security Operations team and responsibilities:

• Lead security incident response in our 24/7 global rotation, managing incidents from detection through containment and recovery
• Create and maintain incident response documentation, including runbooks and standard procedures
• Conduct post-incident analysis through RCA and lessons-learned reviews
• Design and implement automated security processes to improve efficiency
• Drive continuous improvement by identifying security gaps and implementing detection and response capabilities
• Collaborate across GitLab teams to develop new security capabilities and deliver technical projects

• Demonstrated ability to learn and lead incident response processes independently
• Experience with SIEM/security logging tools
• Experience with cloud platforms (GCP and/or AWS)
• Python programming skills or strong willingness to learn
• A passion for technical documentation
• Proactive approach to identifying and investigating security threats
• Interest in conducting forensic analysis of infected hosts
• Experience or strong desire to learn cloud-based security investigations

Security Operations is a globally distributed team of engineers across AMER, APAC and EMEA, leading security investigations, incident response, cyber threat analysis, and response engineering. We operate as a cross-regional team with automation and processes to facilitate collaboration during incident handling and project work.

GitLab is proud to be an equal opportunity workplace and an affirmative action employer. Our policies and practices regarding recruitment, employment, career development, promotion, and retirement are based on merit, regardless of race, color, religion, sex, national origin, age, disability, or any other protected status. See also GitLab’s EEO Policy. If you require accommodation during the recruiting process, please let us know.

*