Act as incident command authority for high-severity (Sev A / Sev 1) or systemic incidents ... Demonstrates systems thinking across incident response and threat detection * Builds high ...
$125K - $195K/yr
Knowledge of and experience with Incident command system (ICS) * Experience in leading and developing incident command from scratch Key Competencies * Incident Command & Leadership * Operational ...
Critical Incident Command (CIC) Shift Lead
VA · On-site +1
... Full-time Description & Requirements Maximus is a trusted federal partner supporting mission ... Our work focuses on sustaining, operating, and improving essential government systems and services ...
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison (Phoenix, AZ)
Phoenix, AZ · On-site
$88K - $91K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Paramedic FT Nights
Englewood, NJ · On-site
$33/hr
Paramedic FT Nights Req Id: 64507 Englewood Health, a leading healthcare system comprising ... Incident Command System Training/NJ State Police, Office of Emergency Management * Both Hazardous ...
Public Safety Liaison
San Diego, CA · On-site
$94K - $97K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison
Los Angeles, CA · On-site
$94K - $97K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison (Tampa, FL)
Tampa, FL · On-site
$98K - $101K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison (Miami, FL)
Miami, FL · On-site
$50K - $100K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison (San Francisco, CA)
San Francisco, CA · On-site
$94K - $97K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison (Las Vegas, Nevada)
Las Vegas, NV · On-site
$78K - $81K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison (Denver, Colorado)
Denver, CO · On-site
$88K - $91K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison (Austin, TX)
Austin, TX · On-site
$79K - $83K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Public Safety Liaison (Dallas, TX)
Dallas, TX · On-site
$79K - $83K/yr
FEMA Independent Study Incident Command System 100; Introduction to the Incident Command System * FEMA Independent Study Incident Command System 200; Basic Incident Command System for Initial ...
Fire Captain
$71K - $105K/yr
Fire suppression and prevention methods, including the Incident Command System. Operation, use, and ... Two (2) years of full-time experience as a Fire Lieutenant or equivalent supervisory fire service ...
Basic knowledge of FEMA Incident Command System (Required proficiency) * Detailed knowledge of all levels of incident command system (Required proficiency) Licenses and Certifications * FEMA Incident ...
Fire Captain
Livingston, CA · On-site
$71K - $105K/yr
Fire suppression and prevention methods, including the Incident Command System. * Operation, use ... Two (2) years of full-time experience as a Fire Lieutenant or equivalent supervisory fire service ...
Emergency Management Officer
$27K - $42K/yr
Basic knowledge of FEMA Incident Command System (Required proficiency) * Detailed knowledge of all levels of incident command system (Required proficiency) Licenses and Certifications * FEMA Incident ...
Incident Commander
Atlanta, GA · On-site
We are seeking an Incident Commander located in Atlanta, GA (contract/hybrid) opportunity. The ... Log, categorize, prioritize, allocate, track, and escalate incidents to Corporate Systems ...
Full Time Incident Command System information
- $36.5K - $50.8K: 3% of jobs
- $50.8K - $65K: 5% of jobs
- $65K - $79.3K: 5% of jobs
- $79.3K - $93.6K: 5% of jobs
- $93.6K - $107.9K: 2% of jobs
- $107.9K - $122.1K: 3% of jobs
- $122.1K - $136.4K: 4% of jobs
- $136.4K - $150.7K: 0% of jobs
- $150.7K - $165K: 0% of jobs
- $165K - $179.2K: 0% of jobs
- $179.2K - $193.5K: 72% of jobs
$124.8K is the 25th percentile. Wages below this are outliers.
The median wage is $183.5K / yr.
Chart axis labels: $36.5K, $163.4K, $193.5K
How much do full time incident command system jobs pay per year?

Full-time
Posted 11 days ago
Microsoft rating
8.6
Based on 129 frontline employees who took The Breakroom Quiz
50th of 192 rated software companies
Job description
The Incident Command & Threat Hunting Operations Manager is responsible for leading end-to-end incident response governance and proactive threat detection across Fraud & Abuse Security operations. This role ensures rapid, coordinated response to high-severity incidents while driving threat hunting programs that identify and disrupt adversarial activity before impact.
The role operates at the intersection of incident command, threat intelligence, and operational execution, delivering measurable reduction in customer and Microsoft harm through structured processes, data-driven decision-making, and cross-organizational coordination.
Responsibilities
1. Incident Command Leadership & Governance
- Own and evolve the Major Incident governance model, including severity definitions, escalation pathways, and decision authority
- Act as incident command authority for high-severity (Sev A / Sev 1) or systemic incidents
- Coordinate cross-functional response across engineering, fraud, security, and product teams
- Ensure incidents are driven to resolution with clear ownership, timelines, and accountability
- Oversee incident classification, severity validation, and escalation consistency
- Sponsor and drive post-incident reviews (PIRs) to address root cause and systemic gaps
2. Major Incident Lead Management
- Lead and develop a team of Major Incident Leads (MILs) or equivalent responders
- Assign and support leadership coverage across incidents and priority workstreams
- Coach incident leads on:
  - Command and control execution
  - Prioritization and trade-off decisions
  - Stakeholder alignment and communication
- Step in to stabilize incidents that stall, escalate improperly, or degrade in quality
3. Threat Hunting Strategy & Execution
- Define and operationalize threat hunting strategy and standards across Fraud Ops ecosystems
- Lead proactive hunts targeting:
  - Undetected adversary activity
  - Fraud patterns and abuse campaigns
  - Emerging attack techniques and TTPs
- Ensure hunts are hypothesis-driven, intelligence-informed, and measurable
- Drive integration of threat intelligence, telemetry, and analytics into hunting workflows
4. Threat Hunt Lead Management
- Lead and develop a team of Threat Hunt Leads (THLs) or equivalent responders
- Assign and support leadership coverage across Hunts and priority workstreams
- Coach incident leads on:
  - Threat Hunt execution
  - Prioritization and trade-off decisions
  - Stakeholder alignment and communication
- Step in to stabilize Hunts that stall, escalate improperly, or degrade in quality
5. Incident-Threat Hunting Integration
- Ensure seamless integration between:
  - Reactive incident response
  - Proactive threat hunting
  - Detection engineering and automation
- Translate incident learnings into:
  - New detections
  - Hunting hypotheses
  - Process and tooling improvements
- Drive closed-loop improvement model across incidents and hunts
6. Cross-Organizational Coordination
- Serve as a central coordination point across:
  - Fraud Operations
  - Cyber Defense Operations
  - Engineering and product teams
  - Threat intelligence and detection teams
- Mobilize appropriate stakeholders during incidents and threat hunts
- Ensure consistent execution across distributed teams and geographies
7. Operational Excellence & Metrics
- Define and track key performance indicators:
  - Time to detect (TTD)
  - Time to mitigate (TTM)
  - Incident containment effectiveness
  - Threat hunting yield and impact
- Establish audit-ready processes and documentation standards
- Drive continuous improvement across:
  - Incident lifecycle management
  - Threat detection effectiveness
  - Operational efficiency
8. Strategy, Governance & Risk Reduction
- Align operations to Fraud-first principles and financial harm reduction
- Ensure policy alignment, compliance, and enforcement consistency
- Define operational strategies for:
  - Risk prioritization
  - Resource allocation
  - Capability development (automation, tooling, analytics)
- Influence roadmap for incident response and threat hunting capabilities
Leadership Expectations
- Operates as a decisive incident commander under pressure
- Drives clarity in ambiguity and resolves decision bottlenecks
- Balances strategic foresight with tactical execution
- Demonstrates systems thinking across incident response and threat detection
- Builds high-performing teams and elevates senior IC capability
Impact
- Reduces customer and Microsoft financial harm
- Improves time-to-detect and time-to-contain threats
- Increases operational rigor and audit defensibility
- Enables scalable, repeatable incident response and threat hunting practices
- Strengthens Microsoft's security posture against fraud, abuse, and advanced threats
Qualifications
Required Qualifications
- Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
- OR equivalent experience.
Preferred Qualifications
- Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
- OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 8+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
- OR equivalent experience.
- 1+ year(s) people management and/or team leadership experience, including leading security functions (e.g., SOC, TVM) and multi-disciplinary teams.
- Relevant certifications preferred (CISSP, CISA, CISM, SANS, OSCP, Security+).
- Experience in incident response, incident command, threat hunting/detection, and Security Operations (SOC/SecOps).
- Experience managing high-severity incidents and crisis response at scale.
- Understanding of adversary tactics, techniques, and procedures (TTPs), threat intelligence integration, and incident management frameworks (e.g., MFIRP, ICS).
- Experience leading cross-functional teams in complex environments and fraud/abuse ecosystems (e.g., Azure, M365, Partner Center).
- Familiarity with Kusto, telemetry analysis, ServiceNow or similar case management platforms, and detection engineering/automation pipelines.
- Experience building operational frameworks, RACI models, and governance structures.
Security Operations Engineering M4 - The typical base pay range for this role across the U.S. is USD $119,800.00 - $234,700.00 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $160,200.00 - $261,000.00 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.
About Microsoft
Sourced by ZipRecruiter
Our infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers. Our foundation is built upon and managed by a team of subject matter experts working to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide. With environmental sustainability and optimization at the forefront of our datacenter design and operations, we continue to grow and evolve as we meet the ever-changing business demands that hold Microsoft as a world-class cloud provider.
Industry
Computer and computer peripheral equipment and software wholesalers
Company size
10,000+ Employees
Headquarters location
Redmond, WA, US
Year founded
1975