Incident Commander / Incident Response Lead

What you'll do

• The Incident Commander serves as the senior operational leader during cybersecurity incidents and is responsible for directing, coordinating, and managing all response activities throughout the incident lifecycle. This position acts as the central decision-maker during major cyber events, ensuring that technical teams, business stakeholders, executive leadership, and external partners operate in a coordinated and effective manner.
• The Incident Commander leads incident response efforts involving ransomware, data breaches, cloud compromises, insider threats, business email compromise, advanced persistent threats, and other high-impact security incidents. The role is responsible for establishing response priorities, coordinating technical investigations, managing escalation activities, directing containment and recovery actions, and ensuring timely communication with executive leadership and stakeholders.
• The Incident Commander serves as the bridge between technical teams and organizational leadership by translating complex technical findings into actionable business information. The position oversees incident status reporting, executive briefings, operational decision-making, forensic coordination, threat intelligence integration, and post-incident reviews. The Incident Commander is ultimately accountable for ensuring incidents are managed efficiently, risks are minimized, and business operations are restored as quickly and safely as possible.

Qualifications

• Candidates must possess extensive experience leading cybersecurity incident response operations within enterprise, government, defense, critical infrastructure, or managed security service environments. The successful candidate should demonstrate strong expertise in incident response, crisis management, cyber defense operations, threat intelligence, digital forensics coordination, and executive communications.
• The candidate must have experience managing complex security incidents involving multiple teams, technologies, stakeholders, and business units. Strong knowledge of incident handling methodologies, cyber attack lifecycles, ransomware response, breach management, cloud security incidents, and enterprise security operations is required. Experience coordinating technical teams during high-pressure situations while maintaining operational awareness and decision-making discipline is essential.
• The position requires exceptional leadership, communication, and organizational skills. Candidates must be capable of delivering executive briefings, managing stakeholder expectations, facilitating crisis communications, and translating technical information into business-focused recommendations. Experience coordinating forensic investigations, threat intelligence activities, legal considerations, regulatory reporting, and recovery operations is highly desirable.
• Preferred certifications include CISSP, GCIH, GCFA, CISM, CASP+, PMP, ITIL, or equivalent industry-recognized certifications. Equivalent experience leading major cybersecurity incidents, crisis response operations, or cyber defense missions may be considered in lieu of specific certifications.

Core Skills

●        Incident Response Leadership

●        Crisis Management

●        Executive Briefings and Communications

●        Threat Intelligence Integration

●        Digital Forensics Coordination

●        Major Incident Management

●        Cybersecurity Operations

●        Risk Assessment and Decision Making

●        Stakeholder Management

●        Recovery and Business Continuity Coordination

●        Regulatory and Reporting Awareness

●        Cross-Functional Team Leadership