Cybersecurity Incident Commander

Employee Applicant Privacy Notice

Who we are:

The Role:

We are seeking a Cybersecurity Incident Commander to join SoFis Cyber Defense program and lead incident command efforts across the organization. This role will serve as a central driver for security incident response ensuring effective management of day-to-day incidents as well as large-scale high-impact cybersecurity events.

The SOC team is responsible for monitoring analyzing and responding to security events across SoFis infrastructure and applications. As a dedicated incident response resource within Cyber Defense you will coordinate cross-functional response efforts maintain incident command structure during active events and ensure consistent communication documentation and resolution tracking.

This is a highly visible role that partners closely with SOC Analysts Threat Research Offensive Security Tools Automation & Operations (TAO) Engineering IT Legal Risk Executive team and other stakeholders to drive timely containment eradication and recovery. The ideal candidate thrives in fast-paced environments brings structure to ambiguity has exceptional communication skills and can effectively drive complex incidents from detection through post-incident review.

What Youll Do:

• Serve as the primary Security Incident Commander for security incidents identified by the SOC.

• Lead and manage the end-to-end lifecycle of security incidents including triage validation containment eradication recovery and closure.

• Establish and maintain incident command during high-severity or large-scale incidents.

• Drive cross-functional collaboration and decision making across technical and business teams to ensure timely and effective response.

• Facilitate incident communication coordinate response resources and maintain clear situational awareness for all engaged.

• Ensure consistent documentation of incident timelines impact assessments decisions evidence chain of custody and actions taken.

• Develop and maintain incident severity classifications and escalation criteria that are aligned with organizational and business needs and expectations.

• Provide executive-ready status updates and summaries during major incidents.

• Coordinate post-incident reviews including root cause analysis lessons learned and tracking of remediation actions.

• Identify and facilitate opportunities to improve incident response processes playbooks and communication workflows.

• Partner with SOC leadership to enhance incident metrics reporting and operational maturity.

• Organize and participate in tabletop exercises simulations and readiness activities to improve Cyber Defense and SOC response capabilities.

What Youll Need:

• 37 years of experience in cybersecurity operations incident response or SOC environments.

• Direct experience coordinating or leading security incident response efforts in enterprise environments.

• Strong understanding of the incident response lifecycle and frameworks (e.g. NIST 800-61).

• Experience handling high-severity incidents such as ransomware business email compromise insider threats cloud compromise or data exfiltration events.

• Ability to interpret technical findings and translate them into clear actionable updates for both technical and non-technical stakeholders.

• Excellent written and verbal communication skills especially in high-pressure situations.

• Strong organizational skills with the ability to manage multiple concurrent incidents.

• Experience facilitating cross-functional communication across various media channels and driving accountability during live incidents.

• Ability to operate independently while collaborating effectively across distributed teams.

Nice to Have:

• Experience in a formal CSIRT or Incident Commander role.

• Working knowledge of security technologies such as SIEM EDR email security IAM cloud security controls and network monitoring tools.

• Knowledge of regulatory and compliance considerations (e.g. financial services PCI SOX GLBA).

• Experience directing or conducting digital forensics or deep technical investigations.

• Familiarity with cloud-native security incident response (AWS GCP or Azure).

• Exposure to MITRE ATT&CK framework and threat intelligence integration.

• Relevant certifications such as GCIA GCIH GCED CISSP CISM or similar.

• Experience developing or maintaining incident response playbooks and runbooks.