About The Position

The Incident Commander serves as the senior operational leader during cybersecurity incidents and is responsible for directing, coordinating, and managing all response activities throughout the incident lifecycle. This position acts as the central decision-maker during major cyber events, ensuring that technical teams, business stakeholders, executive leadership, and external partners operate in a coordinated and effective manner. The Incident Commander leads incident response efforts involving ransomware, data breaches, cloud compromises, insider threats, business email compromise, advanced persistent threats, and other high-impact security incidents. The role is responsible for establishing response priorities, coordinating technical investigations, managing escalation activities, directing containment and recovery actions, and ensuring timely communication with executive leadership and stakeholders. The Incident Commander serves as the bridge between technical teams and organizational leadership by translating complex technical findings into actionable business information. The position oversees incident status reporting, executive briefings, operational decision-making, forensic coordination, threat intelligence integration, and post-incident reviews. The Incident Commander is ultimately accountable for ensuring incidents are managed efficiently, risks are minimized, and business operations are restored as quickly and safely as possible.

Requirements

  • Extensive experience leading cybersecurity incident response operations within enterprise, government, defense, critical infrastructure, or managed security service environments.
  • Strong expertise in incident response, crisis management, cyber defense operations, threat intelligence, digital forensics coordination, and executive communications.
  • Experience managing complex security incidents involving multiple teams, technologies, stakeholders, and business units.
  • Strong knowledge of incident handling methodologies, cyber attack lifecycles, ransomware response, breach management, cloud security incidents, and enterprise security operations.
  • Experience coordinating technical teams during high-pressure situations while maintaining operational awareness and decision-making discipline.
  • Exceptional leadership, communication, and organizational skills.
  • Ability to deliver executive briefings, manage stakeholder expectations, facilitate crisis communications, and translate technical information into business-focused recommendations.
  • Experience coordinating forensic investigations, threat intelligence activities, legal considerations, regulatory reporting, and recovery operations.

Nice To Haves

  • Preferred certifications include CISSP, GCIH, GCFA, CISM, CASP+, PMP, ITIL, or equivalent industry-recognized certifications.
  • Equivalent experience leading major cybersecurity incidents, crisis response operations, or cyber defense missions may be considered in lieu of specific certifications.

Responsibilities

  • Directing, coordinating, and managing all response activities throughout the incident lifecycle.
  • Acting as the central decision-maker during major cyber events.
  • Ensuring technical teams, business stakeholders, executive leadership, and external partners operate in a coordinated and effective manner.
  • Leading incident response efforts involving ransomware, data breaches, cloud compromises, insider threats, business email compromise, advanced persistent threats, and other high-impact security incidents.
  • Establishing response priorities.
  • Coordinating technical investigations.
  • Managing escalation activities.
  • Directing containment and recovery actions.
  • Ensuring timely communication with executive leadership and stakeholders.
  • Translating complex technical findings into actionable business information.
  • Overseeing incident status reporting, executive briefings, operational decision-making, forensic coordination, threat intelligence integration, and post-incident reviews.
  • Ensuring incidents are managed efficiently, risks are minimized, and business operations are restored as quickly and safely as possible.