We are seeking a Cybersecurity Incident Commander to join SoFi's Cyber Defense program and lead incident command efforts across the organization. This role will serve as a central driver for security ...
Director, Cybersecurity Incident Commander Direct message the job poster from PRI Technology The Cyber Incident Lead will drive and coordinate our organization's cybersecurity incident response ...
The Incident Commander serves as the senior operational leader during cybersecurity incidents and is responsible for directing, coordinating, and managing all response activities throughout the ...
Cybersecurity Incident Management Commander
Plano, TX · On-site
$110K - $185K/yr
Serve as the Incident Commander for high-profile cyber security incidents, and coordinate response activities throughout the incident lifecycle in partnership with global incident managers and among ...
Director of Cyber Incident Response (Austin)
Austin, TX · On-site
$215K - $245K/yr
A leading cybersecurity solutions provider is seeking a Director of Cybersecurity Incident Commander in Austin, TX. In this role, you will drive and coordinate the organization's cybersecurity ...
Serve as the executive incident commander for high-severity cybersecurity events, coordinating technical teams, business stakeholders, and leadership. * Define and maintain incident response plans ...
Principal, Cyber Security
Atlanta, GA · On-site
$106K - $144K/yr
This role is the primary Incident Commander for the Cyber Security Incident Response Plan (CSIRP) - owning end-to-end response coordination for high-severity and critical security incidents across ...
They are seeking a Cybersecurity Incident Response Analyst II to join their incident response ... the role of incident commander until relieved by senior staff. • Post-Incident Review:
Pantex Plant is seeking a highly skilled and motivated Cybersecurity Incident Handler with a ... basic command-line navigation. • Familiarity with common enterprise security tools, such as ...
Technology Support Lead - Incident Management & Response (IMR)
Seattle, WA · On-site
$142K - $190K/yr
As a Technology Support Lead at JPMorganChase within the Cybersecurity & Technology Controls Incident Management & Response team, you will serve as a critical member of our Global Incident Command ...
Staff Security Architect (Cloud Security & Incident Response)
Houston, TX · On-site
$69.25 - $92/hr
The role also leads cybersecurity incident response across Precision Health Holdings' operating ... commander: manage timelines, coordinate responders, drive decision-making, and ensure clear ...
... incident commander to join our fast-growing team. This role will support the orchestration of ... Familiarity with cybersecurity principles and frameworks (e.g. MITRE ATT&CK). * Knowledge across ...
Cybersecurity Incident Commander information
| Salary range | Share of jobs |
|---|---|
| $41K - $55.4K | 6% |
| $55.4K - $69.8K | 7% |
| $69.8K - $84.2K | 6% |
| $84.2K - $98.6K | 21% |
| $98.6K - $113K | 7% |
| $113K - $127.5K | 4% |
| $127.5K - $141.9K | 3% |
| $141.9K - $156.3K | 7% |
| $156.3K - $170.7K | 15% |
| $170.7K - $185.1K | 19% |
| $185.1K - $199.5K | 3% |

$87.6K is the 25th percentile. Wages below this are outliers.
The median wage is $118.4K / yr.
$167.9K is the 75th percentile. Wages above this are outliers.
Chart scale: $41K, $127.2K, $199.5K.
How much do cybersecurity incident commander jobs pay per year?
What is the difference between Cybersecurity Incident Commander vs Cybersecurity Analyst?
| Aspect | Cybersecurity Incident Commander | Cybersecurity Analyst |
|---|---|---|
| Certifications | GCIH, CISSP, CISM | CompTIA Security+, GIAC certifications |
| Work Environment | Incident response teams, security operations centers | Monitoring networks, analyzing threats |
| Responsibilities | Lead incident response, coordinate teams, communicate with stakeholders | Detect threats, analyze security data, recommend fixes |
The Cybersecurity Incident Commander focuses on leading and coordinating incident response efforts during security breaches, while the Cybersecurity Analyst primarily monitors systems, analyzes threats, and supports security measures. Both roles require relevant certifications and work in security operations environments, but their responsibilities differ in scope and leadership level.

Job description
We are seeking a Cybersecurity Incident Commander to join SoFi's Cyber Defense program and lead incident command efforts across the organization. This role will serve as a central driver for security incident response, ensuring effective management of day-to-day incidents as well as large-scale, high-impact cybersecurity events.
The SOC team is responsible for monitoring, analyzing, and responding to security events across SoFi's infrastructure and applications. As a dedicated incident response resource within Cyber Defense, you will coordinate cross-functional response efforts, maintain incident command structure during active events, and ensure consistent communication, documentation, and resolution tracking.
This is a highly visible role that partners closely with SOC Analysts, Threat Research, Offensive Security, Tools Automation & Operations (TAO), Engineering, IT, Legal, Risk, Executive team, and other stakeholders to drive timely containment, eradication, and recovery. The ideal candidate thrives in fast-paced environments, brings structure to ambiguity, has exceptional communication skills, and can effectively drive complex incidents from detection through post-incident review.
What You'll Do:
Serve as the primary Security Incident Commander for security incidents identified by the SOC.
Lead and manage the end-to-end lifecycle of security incidents, including triage validation, containment, eradication, recovery, and closure.
Establish and maintain incident command during high-severity or large-scale incidents.
Drive cross-functional collaboration and decision making across technical and business teams to ensure timely and effective response.
Facilitate incident communication, coordinate response resources, and maintain clear situational awareness for all engaged.
Ensure consistent documentation of incident timelines, impact assessments, decisions, evidence chain of custody, and actions taken.
Develop and maintain incident severity classifications and escalation criteria that are aligned with organizational and business needs and expectations.
Provide executive-ready status updates and summaries during major incidents.
Coordinate post-incident reviews, including root cause analysis, lessons learned, and tracking of remediation actions.
Identify and facilitate opportunities to improve incident response processes, playbooks, and communication workflows.
Partner with SOC leadership to enhance incident metrics, reporting, and operational maturity.
Organize and participate in tabletop exercises, simulations, and readiness activities to improve Cyber Defense and SOC response capabilities.
3-7+ years of experience in cybersecurity operations, incident response, or SOC environments.
Direct experience coordinating or leading security incident response efforts in enterprise environments.
Strong understanding of the incident response lifecycle and frameworks (e.g., NIST 800-61).
Experience handling high-severity incidents such as ransomware, business email compromise, insider threats, cloud compromise, or data exfiltration events.
Ability to interpret technical findings and translate them into clear, actionable updates for both technical and non-technical stakeholders.
Excellent written and verbal communication skills, especially in high-pressure situations.
Strong organizational skills with the ability to manage multiple concurrent incidents.
Experience facilitating cross-functional communication across various media channels and driving accountability during live incidents.
Ability to operate independently while collaborating effectively across distributed teams.
Experience in a formal CSIRT or Incident Commander role.
Working knowledge of security technologies such as SIEM, EDR, email security, IAM, cloud security controls, and network monitoring tools.
Knowledge of regulatory and compliance considerations (e.g., financial services, PCI, SOX, GLBA).
Experience directing or conducting digital forensics or deep technical investigations.
Familiarity with cloud-native security incident response (AWS, GCP, or Azure).
Exposure to MITRE ATT&CK framework and threat intelligence integration.
Relevant certifications such as GCIA, GCIH, GCED, CISSP, CISM, or similar.
Experience developing or maintaining incident response playbooks and runbooks.
About SoFi
Sourced by ZipRecruiter
Industry: Finance and insurance
Company size: 1,001 - 5,000 Employees
Headquarters location: San Francisco, CA, US
Year founded: 2011