Job Closed
This listing is no longer active.
Access. Answers. Advocacy. We're raising the standard of healthcare for everyone.
Senior Security Operations Engineer
Location: United States
Posted: 108 days ago
Salary: $138.4K - $254.1K / year
Seniority: Senior
Job Description
Senior Security Operations Engineer
Included Health
• Lead the response to DLP and data security incidents, including investigation, containment, remediation, and root cause analysis for suspected data exfiltration or improper data handling.
• Own the deployment, configuration, and continuous tuning of DLP controls across endpoints, network egress, SaaS applications, and cloud storage to protect PHI, PII, PCI, and other sensitive data.
• Develop and maintain DLP policies, rules, and classifications that balance security, usability, and regulatory/client requirements.
• Build and refine automated response playbooks and workflows that enrich, triage, and respond to DLP alerts, reducing manual effort and mean time to respond.
• Perform proactive hunting for anomalous data movement, including unusual destinations, channels, or volumes, using DLP telemetry, EDR, SIEM, and identity signals.
• Partner with Security Engineering, IT, Legal, Privacy, Compliance, and business stakeholders to design and enforce secure data-handling patterns and exception processes.
• Contribute to broader incident response activities where data exposure or regulatory impact is a concern, including evidence handling and stakeholder communication.
• Define and track key DLP metrics (coverage, detection quality, MTTD/MTTR, false positive rate) and communicate progress to security leadership and cross-functional partners.
Job Requirements
- Minimum 5+ years of hands-on experience in security operations, incident response, or security engineering roles, with a strong emphasis on data protection and DLP.
- Direct, hands-on experience deploying, tuning, and operating DLP tools (endpoint, network, SaaS, and/or cloud) in a production environment.
- Experience implementing and operating Cloud Access Security Broker (CASB) or similar SaaS security controls.
- Deep experience integrating DLP signals into SIEM/SOAR workflows (e.g., CrowdStrike, Splunk, Sentinel).
- Advanced scripting/automation skills (e.g., Python, PowerShell, KQL/SQL) used to enrich, tune, and report on DLP/IR telemetry at scale.
- Proven experience with Endpoint Detection and Response (EDR) platforms (e.g., CrowdStrike, SentinelOne) and using them alongside DLP to investigate and contain data-focused incidents.
- Strong experience with cloud data protection in AWS, including identifying and remediating misconfigurations, and leveraging native security services (e.g., GuardDuty, Security Hub) and CSPM tooling.
- Experience designing and maintaining data classification and policy frameworks for PHI, PII, PCI, and other sensitive data types.
Benefits
- Remote-first culture
- 401(k) savings plan through Fidelity
- Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
- Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents
- Generous Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
- 12 weeks of 100% Paid Parental leave
- Up to $25,000 Fertility and Family Building Benefit
- Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment)
- 11 Holidays Paid with one Floating Paid Holiday
- Work-From-Home reimbursement to support team collaboration and effective home office work
- 24 hours of Paid Volunteer Time Off ("VTO") Per Year to Volunteer with Charitable Organizations
More Security Operations Jobs
Engineer III - Cyber Incident Response
Cencora
Cencora, formerly known as AmerisourceBergen, is a publicly-traded pharmaceutical service company with locations spanning the globe. As an employer, the company
Our team members are at the heart of everything we do. At Cencora, we are united in our responsibility to create healthier futures, and every person here is essential to us being able to deliver on that purpose. If you want to make a difference at the center of health, come join our innovative company and help us improve the lives of people and animals everywhere. Apply today!

Job Details

Position Summary

The Engineer III, Cyber Incident Response, is a senior technical role within the Security Operations Center (SOC) responsible for leading complex incident investigations and supporting the continuous improvement of detection and response capabilities. This role provides advanced technical expertise in identifying, analyzing, containing, and remediating cyber threats. The Engineer III will act as a mentor to junior analysts, serve as an escalation point for critical incidents, and collaborate with global cyber defense teams to ensure timely and effective responses to advanced threats.

Primary Duties and Responsibilities

• Lead the investigation and resolution of complex security incidents, including advanced persistent threats, ransomware, phishing campaigns, and insider activities.
• Perform forensic analysis across endpoints, networks, and cloud environments to identify root causes and scope of compromise.
• Develop and enhance incident response playbooks, runbooks, and detection use cases.
• Collaborate with threat intelligence, vulnerability management, and countermeasures teams to strengthen defenses.
• Escalate high-severity incidents to senior leadership and provide clear, actionable reporting.
• Act as a technical escalation point for Engineer I/II analysts during incident investigations.
• Contribute to red team and purple team exercises to validate and improve response capabilities.
• Participate in after-action reviews and lessons-learned sessions to improve SOC processes.
• Mentor and train junior engineers on incident response best practices and investigative techniques.

Education and Qualifications
Senior Manager, Security Incident Response Team
GitLab
Build software faster. The One DevOps Platform enables your entire org to collaborate around your code. We're hiring.
• Serve as trusted advisor as part of the security division's leadership team, actively shaping the program direction.
• Build and mature incident response runbooks, procedures, and capabilities.
• Provide leadership to multiple security operations team shifts that will sometimes require you to work on nights or weekends.
• Develop a culture of incident response excellence through a focus on investigation depth and accuracy.
• Lead cross-functional collaboration between peer SecOps teams, security departments, and extended support teams such as Legal, Customer Support, and Infrastructure.
• Foster a defense first mindset through actionable incident retrospective mitigations to close defense gaps, making GitLab a hard target for attackers.
• Lead a team of expert security engineers with experience in security automation, deep dive forensics and incident response, AI detection and response capabilities, and GitLab the product.
• Support response readiness and expertise about new GitLab corporate and product capabilities and features.
• Drive insights from the alerts, investigations, and incidents handled by SIRT to improve the security posture of GitLab.
Senior Cybersecurity Operations Consultant
Trility Consulting
Start delivering technology solutions that simplify, automate, and secure your business.
• Deploy, configure, and integrate security tooling across a number of cybersecurity sub-workstreams
• Execute configuration updates to redirect logs, telemetry, and security data feeds to the new MSSP
• Coordinate with the MSP on endpoint agent deployments and related technical dependencies
• Validate integrations and ensure consistent security visibility across on-prem and cloud environments (outside the CMMC boundary)
• Support development of operational SOPs, playbooks, and integration documentation
• Identify integration risks and recommend practical mitigation strategies based on hands-on experience
• Provide technical input during MSSP-related decision points, including tooling compatibility and architecture considerations
• Collaborate closely with Trility team members, client IT stakeholders, MSP, and MSSP partners to ensure smooth transition and stabilization
• Analyze third party records in the vendor risk management system and assist with data entry and data maintenance
• Meet with internal stakeholders to complete vendor intake questionnaires
• Data analysis and maintenance of ticketing system
• Provide general support for Governance, Risk & Compliance functions