Cybersecurity Incident Commander

SoFi
Seattle, WA
$134,400 - $231,000

About The Position

We are seeking a Cybersecurity Incident Commander to join SoFi’s Cyber Defense program and lead incident command efforts across the organization. This role will serve as a central driver for security incident response, ensuring effective management of day-to-day incidents as well as large-scale, high-impact cybersecurity events. The SOC team is responsible for monitoring, analyzing, and responding to security events across SoFi’s infrastructure and applications. As a dedicated incident response resource within Cyber Defense, you will coordinate cross-functional response efforts, maintain incident command structure during active events, and ensure consistent communication, documentation, and resolution tracking. This is a highly visible role that partners closely with SOC Analysts, Threat Research, Offensive Security, Tools Automation & Operations (TAO), Engineering, IT, Legal, Risk, Executive team, and other stakeholders to drive timely containment, eradication, and recovery. The ideal candidate thrives in fast-paced environments, brings structure to ambiguity, has exceptional communication skills, and can effectively drive complex incidents from detection through post-incident review.

Requirements

  • 3–7+ years of experience in cybersecurity operations, incident response, or SOC environments.
  • Direct experience coordinating or leading security incident response efforts in enterprise environments.
  • Strong understanding of the incident response lifecycle and frameworks (e.g., NIST 800-61).
  • Experience handling high-severity incidents such as ransomware, business email compromise, insider threats, cloud compromise, or data exfiltration events.
  • Ability to interpret technical findings and translate them into clear, actionable updates for both technical and non-technical stakeholders.
  • Excellent written and verbal communication skills, especially in high-pressure situations.
  • Strong organizational skills with the ability to manage multiple concurrent incidents.
  • Experience facilitating cross-functional communication across various media channels and driving accountability during live incidents.
  • Ability to operate independently while collaborating effectively across distributed teams.

Nice To Haves

  • Experience in a formal CSIRT or Incident Commander role.
  • Working knowledge of security technologies such as SIEM, EDR, email security, IAM, cloud security controls, and network monitoring tools.
  • Knowledge of regulatory and compliance considerations (e.g., financial services, PCI, SOX, GLBA).
  • Experience directing or conducting digital forensics or deep technical investigations.
  • Familiarity with cloud-native security incident response (AWS, GCP, or Azure).
  • Exposure to MITRE ATT&CK framework and threat intelligence integration.
  • Relevant certifications such as GCIA, GCIH, GCED, CISSP, CISM, or similar.
  • Experience developing or maintaining incident response playbooks and runbooks.

Responsibilities

  • Serve as the primary Security Incident Commander for security incidents identified by the SOC.
  • Lead and manage the end-to-end lifecycle of security incidents, including triage validation, containment, eradication, recovery, and closure.
  • Establish and maintain incident command during high-severity or large-scale incidents.
  • Drive cross-functional collaboration and decision making across technical and business teams to ensure timely and effective response.
  • Facilitate incident communication, coordinate response resources, and maintain clear situational awareness for all engaged.
  • Ensure consistent documentation of incident timelines, impact assessments, decisions, evidence chain of custody, and actions taken.
  • Develop and maintain incident severity classifications and escalation criteria that are aligned with organizational and business needs and expectations.
  • Provide executive-ready status updates and summaries during major incidents.
  • Coordinate post-incident reviews, including root cause analysis, lessons learned, and tracking of remediation actions.
  • Identify and facilitate opportunities to improve incident response processes, playbooks, and communication workflows.
  • Partner with SOC leadership to enhance incident metrics, reporting, and operational maturity.
  • Organize and participate in tabletop exercises, simulations, and readiness activities to improve Cyber Defense and SOC response capabilities.

Benefits

  • Competitive benefits