1

Cybersecurity Incident Commander Jobs (NOW HIRING)

The candidate will serve as Incident Commander during cybersecurity events, coordinating response efforts and communicating with leadership and affected agencies. This position requires correlating ...

Sr. Cybersecurity Engineer

Atlanta, GA · On-site

$111K - $138K/yr

Incident Command & Crisis Management: Act as the primary Incident Commander for critical cybersecurity events. You will drive technical bridges, manage cross-functional resources, and ensure clear ...

Sr. Cybersecurity Engineer

Atlanta, GA · On-site

$111K - $138K/yr

Incident Command & Crisis Management: Act as the primary Incident Commander for critical cybersecurity events. You will drive technical bridges, manage cross-functional resources, and ensure clear ...

Incident Command & Crisis Management: Act as the primary Incident Commander for critical cybersecurity events. You will drive technical bridges, manage cross-functional resources, and ensure clear ...

Serve as incident commander for high-severity cybersecurity incidents * Lead coordination across IT, network, legal, communications, and business stakeholders * Drive the end-to-end incident response ...

Serve as incident commander for high-severity cybersecurity incidents * Lead coordination across IT, network, legal, communications, and business stakeholders * Drive the end-to-end incident response ...

Experienced in cybersecurity incident response, endpoint security, SOC management, and Linux ... Experience acting as an escalation lead or incident commander for high severity incidents

Experienced in cybersecurity incident response, endpoint security, SOC management, and Linux ... Experience acting as an escalation lead or incident commander for high severity incidents

Experienced in cybersecurity incident response, endpoint security, SOC management, and Linux ... Experience acting as an escalation lead or incident commander for high severity incidents

next page

Showing results 1-20

Cybersecurity Incident Commander information

See salary details

$41K

$127.2K

$199.5K

How much do cybersecurity incident commander jobs pay per year?

As of Jul 5, 2026, the average yearly pay for cybersecurity incident commander in the United States is $127,177.00, according to ZipRecruiter salary data. Most workers in this role earn between $89,000.00 and $172,000.00 per year, depending on experience, location, and employer.

What is the difference between Cybersecurity Incident Commander vs Cybersecurity Analyst?

AspectCybersecurity Incident CommanderCybersecurity Analyst
CertificationsGCIH, CISSP, CISMCompTIA Security+, GIAC certifications
Work EnvironmentIncident response teams, security operations centersMonitoring networks, analyzing threats
ResponsibilitiesLead incident response, coordinate teams, communicate with stakeholdersDetect threats, analyze security data, recommend fixes

The Cybersecurity Incident Commander focuses on leading and coordinating incident response efforts during security breaches, while the Cybersecurity Analyst primarily monitors systems, analyzes threats, and supports security measures. Both roles require relevant certifications and work in security operations environments, but their responsibilities differ in scope and leadership level.

What are the key skills and qualifications needed to thrive as a Cybersecurity Incident Commander, and why are they important?

To thrive as a Cybersecurity Incident Commander, you need deep knowledge of cybersecurity principles, incident response frameworks, and risk management, often supported by a degree in computer science and certifications like CISSP or GCIH. Familiarity with Security Information and Event Management (SIEM) tools, forensic analysis platforms, and incident tracking systems is typically required. Strong leadership, decision-making, and communication skills are essential for coordinating teams and managing crises under pressure. These competencies ensure swift, effective response to cyber threats, minimizing organizational impact and ensuring regulatory compliance.

What are Cybersecurity Incident Commanders?

Cybersecurity Incident Commanders are professionals responsible for leading and coordinating an organization’s response to cybersecurity incidents, such as data breaches or cyberattacks. They develop and execute response plans, communicate with stakeholders, and ensure that containment, eradication, and recovery actions are taken efficiently. Their role is critical in minimizing damage, protecting sensitive data, and restoring normal operations. They also conduct post-incident reviews to improve future responses and security measures.

What are the main challenges a Cybersecurity Incident Commander faces during a major security incident?

A Cybersecurity Incident Commander often faces the challenge of coordinating cross-functional teams under high-pressure situations while maintaining clear communication and decision-making. They must rapidly assess evolving threats, prioritize response actions, and ensure all stakeholders are informed and aligned. Balancing timely containment of the incident with thorough evidence preservation for forensic investigation is another key challenge. This role requires staying calm, organized, and adaptable in dynamic environments where situations can change rapidly.
More about Cybersecurity Incident Commander jobs
What cities are hiring for Cybersecurity Incident Commander jobs? Cities with the most Cybersecurity Incident Commander job openings:
What states have the most Cybersecurity Incident Commander jobs? States with the most job openings for Cybersecurity Incident Commander jobs include:
What job categories do people searching Cybersecurity Incident Commander jobs look for? The top searched job categories for Cybersecurity Incident Commander jobs are:
Infographic showing various Cybersecurity Incident Commander job openings in the United States as of June 2026, with employment types broken down into 97% Full Time, 1% Temporary, and 2% Contract. Highlights an 94% Physical, 2% Hybrid, and 4% Remote job distribution, with an average salary of $127,177 per year, or $61.1 per hour.
Senior Staff Security Incident Commander | Security Org

Senior Staff Security Incident Commander | Security Org

ServiceNow

Santa Clara, CA

$165K - $289K/yr

Full-time

Medical, Retirement

Posted 29 days ago


Job description

Company Description

It all started when engineer Fred Luddy wrote code that automated a tedious task for his coworker, Phyllis. She cried tears of joy. That moment inspired Fred to build a company that could do that for everyone—freeing people from busywork so they could focus on meaningful work. Today, ServiceNow is the AI control tower for business reinvention. Our ServiceNow AI platform brings together any AI, any data, and any workflow— helping 85% of the Fortune 500® work smarter, faster, and better. We're building an AI-native culture where technology and talent are unstoppable together. And we're just getting started.

Join us to put AI to work for people.

Job Description

The ServiceNow Security Organization (SSO)

The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact 

ServiceNow’s Security Incident Command (SIC) team is seeking an experienced senior security incident commander to join our fast-growing team. This role will support the orchestration of incident response strategy and communications during critical information security-related incidents.   

About the SIC team  

The SIC team maintains and executes the Major Security Incidents (MSI) lifecycle within ServiceNow, including Preparation, Response, and Recovery. MSIs are our most challenging and impactful security incidents which pose active or heightened risk to the company and/or our customers.    

Key value areas are preparing the company for MSIs through tabletop exercises (TTX), coordination of activity between many response workstream partners, maintenance and development of playbooks and procedures, tracking key MSI metrics and facts to keep everyone oriented, and communicating status, milestones, blockers, and critical decisions needed to senior management and executive stakeholders, including the CISO.    

What you get to do in this role 

  • Orchestration of response and remediation of incident response for highest criticality security events.  
  • Take ownership and lead response to critical incidents within the company. 
  • Establish and mature documentation surrounding protocols and procedures governing the security incident command team. 
  • Prepare and deliver communications, including executive summaries and incident briefings, to key stakeholders during and after incident response.  
  • Conduct rapid response, mitigation, and investigations on the highest priority cases impacting ServiceNow and user data.  
  • Partner with the team members across multiple regions to drive response and investigations globally.  
  • Organization and facilitation of scenario-based exercises to test and improve incident management and response strategies. 
  • Maintenance of existing playbooks and procedures, as well as developing new ones, to further standardize SIC and its partners' responses when verifying MSIs. 
  • Contribute to the organization and completion of Post-Incident Reviews (PIRs) and Root Cause Analyses (RCAs) following major security incidents. 
  • Identify new ways to simplify, integrate, automate and refine the major security incident process to better support internal and external stakeholders. 
Qualifications

Qualifications  

  • Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making or  problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights,  or exploring AI’s potential impact on the function or industry. 
  • 12+ years of total cybersecurity professional experience or similar experience with education 
  • 5–8+ years of deep domain expertise in incident response and/or incident management 
  • Experience leading or supporting complex security incidents to resolution end-to-end.  
  • Excellent verbal and written communication skills (English) 
  • Comfort communicating complex topics in a clear and concise manner to different tiers of audiences (highly        technical, less technical, executives, practitioners) 
  • Problem-solving and decision-making skills 
  • Ability to quickly and accurately assess a situation, identify and prioritize risks, and make sound decision 
  • Familiarity with cybersecurity principles and frameworks (e.g. MITRE ATT&CK).  
  • Knowledge across multiple security domains is a plus.  
  • Experience planning and/or orchestrating tabletop exercises is a plus. 

#SecurityJobs 

West Palm Beach Florida (WPB) is available to for Relocation.  Full relocation costs are provided by ServiceNow

For positions in this location, we offer a base pay of $165,500 - $289,600, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location.


Additional Information

Work Personas

We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.

Equal Opportunity Employer

ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. 

Accommodations

We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact globaltalentss@servicenow.com for assistance. 

Export Control Regulations

For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. 

From Fortune. ©2026 Fortune Media IP Limited. All rights reserved. Used under license.


ServiceNow logo

About ServiceNow

Sourced by ZipRecruiter

At ServiceNow, our technology makes the world work for everyone, and our people make it possible. We move fast because the world can't wait, and we innovate in ways no one else can for our customers and communities. By joining ServiceNow, you are part of an ambitious team of change makers who have a restless curiosity and a drive for ingenuity. We know that your best work happens when you live your best life and share your unique talents, so we do everything we can to make that possible. We dream big together, supporting each other to make our individual and collective dreams come true. The future is ours, and it starts with you. With more than 7,400+ customers, we serve approximately 80% of the Fortune 500, and we're proud to be one of FORTUNE's 100 Best Companies to Work For® and World's Most Admired Companies® 2022.

Industry

It services

Company size

5,001 - 10,000 Employees

Headquarters location

Santa Clara, CA, US

Year founded

2004