Security Incident Response Team - SIRT
The Security Incident Response Team (SIRT) is GitLab’s dedicated team for detecting, responding to, and investigating security events that impact GitLab.com and GitLab the company, protecting the business, our platform, and the trust of our users.
Our Vision
To be the first and last line of defence protecting GitLab, our platform, and our users, proactively identifying threats before they materialise and responding decisively when they do.
Our Mission Statement
Protect GitLab’s business and the trust of our users by delivering effective security incident response, forensic analysis, and continuous detection capability. We reduce risk through rapid containment, thorough investigation, and the operational improvements we drive from every incident we handle.
The Team
Team Members
| Mitra Jozenazemian | Security Manager |
| Robbie Dickson | Security Manager |
| Austin Bollinger | Security Engineer |
| Bala Allam | Senior Security Engineer |
| Chathura Kuruwita | Senior Security Engineer |
| Ellis Coulson | Security Engineer |
| Hasan Chawich | Security Engineer |
| Janina Roppelt | Senior Security Engineer |
| Jason Hawkins | Senior Security Engineer |
| Laurens Van Dijk | Staff Security Engineer |
| Leslie Anzures | Security Engineer |
| Natalie Laundergan | Security Engineer |
| Neil McDonald | Senior Security Engineer |
| Saksham Anand | Security Engineer |
| Dylan Stephenson | Security Engineer |
| Joel Clarke | Security Engineer |
Services We Provide
- Reactive - Services designed to respond to active incidents, including but not limited to:
  - Incident analysis
  - Incident response support and coordination
  - Incident response resolution
  - Detection and response engineering
- Proactive - Services designed to improve the infrastructure and security processes of GitLab before any incident occurs or is detected. The main goals are to avoid incidents and to reduce the impact and scope when they do occur.
  - Cyber threat analysis of vulnerability warnings and security advisories
  - Monitor adversaries’ activities and related trends to help identify future threats
  - Configuration and maintenance of security tools, applications, and infrastructure
  - Detection and response engineering
- Administrative - Services designed to assist with requests from GitLab’s Legal and HR Departments.
Engaging SIRT
The SIRT is on-call 24/7/365 to assist with any security incidents. If an urgent security incident has been identified or you suspect an incident may have occurred, please refer to Engaging the Security Engineer On-Call.
Information about SIRT responsibilities and incident ownership is available in the SIRT On-Call Guide.
Incident Management and Review
As part of the incident management and review process, the SIRT maintains a recurring meeting that takes place on Monday of each week. During this meeting, all of the previous week’s incidents and any incidents that are currently open are reviewed. The review process covers the incident’s scope, impact, the work performed to mitigate and remediate the incident, next steps, blockers, and current status. These meetings are also an opportunity to discuss mishandled incidents and process improvements.
Limited Access
Information about security incidents or investigations is considered limited access and is not shared with all team members by default. Security incidents are handled with appropriate confidentiality protocols to protect potentially sensitive information and maintain operational security.
The workflow for security incident handling is:
```mermaid
graph TD
    A[Security incident occurs] --> |Incident reported| B[SIRT automation creates a private project]
    B --> C[SIRT automation creates issue in new project]
    C --> D[Reporter added to the issue/project]
    D --> E[Other team members are added as needed*]
```
*A pre-defined list of team members is automatically added when the incident is ~severity::1.
