Incident Command Jobs (NOW HIRING)

Establish and maintain incident command during high-severity or large-scale incidents. * Drive cross-functional collaboration and decision making across technical and business teams to ensure timely ...

General information Job Posting Title Critical Incident Command (CIC) Shift Lead Date Thursday, June 4, 2026 City Remote Country United States Working time Full-time Description & Requirements ...

... incident command efforts, manage security incidents, and ensure effective response to cybersecurity events across the organization. Responsibilities : • Serve as the primary Security Incident ...

In your day to day role as an Incident Commander, you will be acting as a liaison between Surefox and its clients while providing emergency response. You will perform all duties in accordance with ...

$125K - $195K/yr

This individual acts as the central command point during major incidents, ensuring rapid triage, cross-team coordination, effective communication, and structured post-incident analysis. This role ...

Serves as a subject matter expert and mentor. 9. Exercises incident command authority during active major incidents, including determining severity, directing escalation paths, managing risk ...

Incident Commander Surefox North America Inc is a veteran owned company that prides itself on creating a diverse and unique culture of trained and talented individuals. We are currently seeking an ...

This position is an individual contributor role reporting to the Sr. Manager, SRE Incident Command. Responsibility * Serve as a subject matter expert for Docusign's incident management * Partner with ...

This role carries 24/7 on-call rotation responsibilities and active incident command expectations during major and critical events. The Incident Response Lead works with IT stakeholders across Cook ...

Incident Command & Coordination Acts as Incident Commander during major incidents, coordinating cross-functional technical teams, vendors, and stakeholders to rapidly restore service. Establishes ...

Incident Command information

Salary chart values: $36.5K, $163.4K, $193.5K

How much do incident command jobs pay per year?

As of Jun 29, 2026, the average yearly pay for incident command in the United States is $163,404.00, according to ZipRecruiter salary data. Most workers in this role earn between $129,000.00 and $193,000.00 per year, depending on experience, location, and employer.

What is the highest paying first responder job?

The highest paying first responder job is typically a paramedic or emergency medical services (EMS) supervisor, with salaries often exceeding $50,000 to $70,000 annually depending on experience and location. Fire chiefs and police chiefs also tend to have higher salaries, often surpassing $100,000, especially in larger jurisdictions or with advanced certifications and leadership responsibilities.

What are the key skills and qualifications needed to thrive as an Incident Commander, and why are they important?

To thrive as an Incident Commander, you need strong leadership, decision-making skills, and thorough knowledge of emergency response protocols, typically supported by relevant certifications such as ICS (Incident Command System) training. Familiarity with emergency management tools, communication systems, and resource-tracking software is crucial. Exceptional communication, composure under pressure, and the ability to coordinate diverse teams are vital soft skills. These competencies ensure effective crisis management, minimize risks, and facilitate swift, organized responses to emergencies.

What are the positions in incident command?

In incident command, key positions include the Incident Commander, who oversees the response; Command Staff members such as Public Information Officer, Safety Officer, and Liaison Officer; and General Staff sections including Operations, Planning, Logistics, and Finance/Administration. These roles ensure coordinated and effective incident management, often supported by specialized teams and clear communication protocols.

What are some common challenges faced by professionals in Incident Command roles, and how can they be managed effectively?

Professionals in Incident Command often encounter challenges such as rapidly changing situations, coordinating multiple teams, and maintaining clear communication under pressure. Effectively managing these issues requires strong leadership, adaptability, and a solid grasp of established incident command protocols. Regular training, clear delegation of tasks, and the use of real-time communication tools can significantly improve team coordination and response effectiveness during emergencies.

What jobs pay 2000 a day?

In incident command roles, high-paying positions such as senior incident managers or emergency response directors can earn around $2,000 per day, especially with extensive experience, certifications, and working in high-stakes environments like large-scale disasters or critical infrastructure. These roles often require specialized skills, leadership abilities, and the ability to coordinate complex operations under pressure.

What jobs make $10,000 a month without a degree?

In incident command roles, high-level emergency management or consulting positions can reach or exceed $10,000 per month, especially with extensive experience, certifications, and leadership skills. Other high-paying jobs without a degree include sales, real estate, or skilled trades like commercial diving or certain tech roles, which often rely on experience, certifications, or specialized training rather than formal education.

What is the difference between Incident Command vs Firefighter?

| Aspect | Incident Command | Firefighter |
| --- | --- | --- |
| Required credentials | Emergency management training, certifications like ICS, NIMS | Firefighter certification, EMT/paramedic licenses |
| Work environment | Command centers, incident sites, coordination roles | Fire scenes, rescue operations, emergency response |
| Employer & industry usage | Emergency management agencies, fire departments, disaster response teams | Fire departments, rescue services, emergency response units |

Incident Command and Firefighter roles often overlap during emergencies, but Incident Command focuses on managing and coordinating the response, while Firefighters are directly involved in suppression and rescue efforts. Both roles require specialized training and are essential in emergency situations, but their responsibilities and work environments differ significantly.

What is Incident Command?

Incident Command refers to a standardized, on-scene management system used to coordinate emergency response operations. It is designed to enable effective and efficient incident management by integrating facilities, equipment, personnel, procedures, and communications within a common organizational structure. The Incident Command System (ICS) is widely used by fire, police, emergency medical services, and other agencies during emergencies such as natural disasters, accidents, or terrorist events. ICS helps ensure a coordinated response, clear leadership, and safety for responders and the public.
Incident Command & Threat Hunting Operations Manager

Microsoft

Redmond, WA • On-site

Full-time

Posted 11 days ago


Company rating: 8.6 out of 10

Based on 129 frontline employees who took The Breakroom Quiz

50th of 192 rated software companies


Job description

Overview
The Incident Command & Threat Hunting Operations Manager is responsible for leading end-to-end incident response governance and proactive threat detection across Fraud & Abuse Security operations. This role ensures rapid, coordinated response to high-severity incidents while driving threat hunting programs that identify and disrupt adversarial activity before impact.
The role operates at the intersection of incident command, threat intelligence, and operational execution, delivering measurable reduction in customer and Microsoft harm through structured processes, data-driven decision-making, and cross-organizational coordination.
Responsibilities
1. Incident Command Leadership & Governance
  • Own and evolve the Major Incident governance model, including severity definitions, escalation pathways, and decision authority
  • Act as incident command authority for high-severity (Sev A / Sev 1) or systemic incidents
  • Coordinate cross-functional response across engineering, fraud, security, and product teams
  • Ensure incidents are driven to resolution with clear ownership, timelines, and accountability
  • Oversee incident classification, severity validation, and escalation consistency
  • Sponsor and drive post-incident reviews (PIRs) to address root cause and systemic gaps

2. Major Incident Lead Management
  • Lead and develop a team of Major Incident Leads (MILs) or equivalent responders
  • Assign and support leadership coverage across incidents and priority workstreams
  • Coach incident leads on:
    • Command and control execution
    • Prioritization and trade-off decisions
    • Stakeholder alignment and communication
  • Step in to stabilize incidents that stall, escalate improperly, or degrade in quality

3. Threat Hunting Strategy & Execution
  • Define and operationalize threat hunting strategy and standards across Fraud Ops ecosystems
  • Lead proactive hunts targeting:
    • Undetected adversary activity
    • Fraud patterns and abuse campaigns
    • Emerging attack techniques and TTPs
  • Ensure hunts are hypothesis-driven, intelligence-informed, and measurable
  • Drive integration of threat intelligence, telemetry, and analytics into hunting workflows

4. Threat Hunt Lead Management
  • Lead and develop a team of Threat Hunt Leads (THLs) or equivalent responders
  • Assign and support leadership coverage across Hunts and priority workstreams
  • Coach incident leads on:
    • Threat Hunt execution
    • Prioritization and trade-off decisions
    • Stakeholder alignment and communication
  • Step in to stabilize Hunts that stall, escalate improperly, or degrade in quality

5. Incident-Threat Hunting Integration
  • Ensure seamless integration between:
    • Reactive incident response
    • Proactive threat hunting
    • Detection engineering and automation
  • Translate incident learnings into:
    • New detections
    • Hunting hypotheses
    • Process and tooling improvements
  • Drive closed-loop improvement model across incidents and hunts

6. Cross-Organizational Coordination
  • Serve as a central coordination point across:
    • Fraud Operations
    • Cyber Defense Operations
    • Engineering and product teams
    • Threat intelligence and detection teams
  • Mobilize appropriate stakeholders during incidents and threat hunts
  • Ensure consistent execution across distributed teams and geographies

7. Operational Excellence & Metrics
  • Define and track key performance indicators:
    • Time to detect (TTD)
    • Time to mitigate (TTM)
    • Incident containment effectiveness
    • Threat hunting yield and impact
  • Establish audit-ready processes and documentation standards
  • Drive continuous improvement across:
    • Incident lifecycle management
    • Threat detection effectiveness
    • Operational efficiency

8. Strategy, Governance & Risk Reduction
  • Align operations to Fraud-first principles and financial harm reduction
  • Ensure policy alignment, compliance, and enforcement consistency
  • Define operational strategies for:
    • Risk prioritization
    • Resource allocation
    • Capability development (automation, tooling, analytics)
  • Influence roadmap for incident response and threat hunting capabilities

Leadership Expectations
  • Operates as a decisive incident commander under pressure
  • Drives clarity in ambiguity and resolves decision bottlenecks
  • Balances strategic foresight with tactical execution
  • Demonstrates systems thinking across incident response and threat detection
  • Builds high-performing teams and elevates senior IC capability

Impact
  • Reduces customer and Microsoft financial harm
  • Improves time-to-detect and time-to-contain threats
  • Increases operational rigor and audit defensibility
  • Enables scalable, repeatable incident response and threat hunting practices
  • Strengthens Microsoft's security posture against fraud, abuse, and advanced threats

Qualifications
Required Qualifications
  • Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
    • OR equivalent experience.

Preferred Qualifications
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
    • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 8+ years experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
    • OR equivalent experience.
  • 1+ year(s) people management and/or team leadership experience, including leading security functions (e.g., SOC, TVM) and multi-disciplinary teams.
  • Relevant certifications preferred (CISSP, CISA, CISM, SANS, OSCP, Security+).
  • Experience in incident response, incident command, threat hunting/detection, and Security Operations (SOC/SecOps).
  • Experience managing high-severity incidents and crisis response at scale.
  • Understanding of adversary tactics, techniques, and procedures (TTPs), threat intelligence integration, and incident management frameworks (e.g., MFIRP, ICS).
  • Experience leading cross-functional teams in complex environments and fraud/abuse ecosystems (e.g., Azure, M365, Partner Center).
  • Familiarity with Kusto, telemetry analysis, ServiceNow or similar case management platforms, and detection engineering/automation pipelines.
  • Experience building operational frameworks, RACI models, and governance structures.

Security Operations Engineering M4 - The typical base pay range for this role across the U.S. is USD $119,800.00 - $234,700.00 per year. There is a different range applicable to specific work locations, within the San Francisco Bay area and New York City metropolitan area, and the base pay range for this role in those locations is USD $160,200.00 - $261,000.00 per year.
Certain roles may be eligible for benefits and other compensation. Find additional benefits and pay information here:
https://careers.microsoft.com/us/en/us-corporate-pay
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

About Microsoft

Sourced by ZipRecruiter

Our infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers. Our foundation is built upon and managed by a team of subject matter experts working to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide. With environmental sustainability and optimization at the forefront of our datacenter design and operations, we continue to grow and evolve as we meet the ever-changing business demands that hold Microsoft as a world-class cloud provider.

Industry: Computer and computer peripheral equipment and software wholesalers

Company size: 10,000+ Employees

Headquarters location: Redmond, WA, US

Year founded: 1975
