Cyber Incident Response Commander

Sopra Steria

Location:
Canada, Montréal

Contract Type:
Employment contract

Salary:

Not provided

Job Description:

The Cyber Incident Response Commander plays a critical leadership role in managing and coordinating the organization’s response to cybersecurity incidents. This role is responsible for ensuring that security events are effectively identified, assessed, contained, and remediated, while minimizing business impact. As part of the CERT (Computer Emergency Response Team), the Incident Response Commander works at the intersection of technical teams and business stakeholders, leading incident response activities and ensuring alignment with internal policies and regulatory requirements. The role reports to the Incident Response Manager.

Job Responsibility:

  • Maintain and continuously improve the Incident Response Plan (IRP) and its appendices
  • Ensure alignment between the IRP and other relevant security policies and frameworks
  • Develop and refine incident response playbooks to ensure clarity of roles and operational efficiency
  • Collaborate with Legal and Communications teams to strengthen response processes
  • Tailor IRPs to specific scopes (e.g., regions, subsidiaries, maritime operations)
  • Capture lessons learned from incidents and provide actionable improvement recommendations
  • Identify links and patterns between incidents to improve detection and response strategies
  • Support internal and external audits by providing required documentation and evidence
  • Act as Incident Commander during security incidents, coordinating cross-functional teams
  • Assess incident severity and determine appropriate escalation levels
  • Formally declare major incidents in line with risk and regulatory criteria
  • Lead incident response activities in accordance with defined plans and playbooks
  • Ensure effective collaboration between technical and business stakeholders
  • Prioritize and oversee forensic investigations and evidence collection
  • Monitor incident lifecycle: analysis, containment, mitigation, and recovery
  • Ensure timely and clear communication, reporting, and stakeholder notifications
  • Contribute to Cyber Defense Center initiatives and transversal activities
  • Support cybersecurity projects, compliance efforts, and continuous improvement programs
  • Participate in strengthening CERT capabilities and overall cyber resilience

Requirements:

  • Bachelor's degree (or equivalent) in Cybersecurity, Computer Science, or related STEM field
  • Minimum 5 years of experience in cybersecurity roles such as CERT / CSIRT, SOC / SecOps, GRC (Governance, Risk & Compliance)
  • Required Certifications (or equivalent experience): GCFA, CIH, CISSP, CEH, ECSA, ITIL Foundation
  • Strong knowledge of incident response methodologies (e.g., NIST, ISO 27035, SANS)
  • Experience with SOC operations and forensic investigations
  • Good understanding of security tools, detection, and response techniques
  • Ability to communicate complex cybersecurity topics to senior leadership and executives
  • Professional proficiency in English (written and spoken)

Nice to have:

  • Experience in transport, shipping, or logistics environments

What we offer:
  • Strong base salary
  • Annual performance bonus
  • Fully covered benefits package including life insurance, long-term disability, health, dental, and vision coverage, plus a health spending account
  • Sopra Steria covers 100% of premiums
  • Generous paid time off including sick leave, personal days, and 3 weeks of vacation
  • Monthly transportation allowance
  • Excellent learning, development, and career advancement opportunities
  • Hybrid work environment
  • All necessary equipment provided

Additional Information:

Job Posted:
May 20, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Cyber Incident Response Commander

Crisis & Incident Management Lead – Operational Resilience - Vice President

The VP, Crisis & Incident Management Lead is responsible for the strategic leade...
Location
United States Of America, NEW YORK
Salary:
150000.00 - 180000.00 USD / Year
Crédit Agricole
Expiration Date
Until further notice
Requirements
  • Bachelor’s degree in Risk Management, Information Technology, Business Continuity, or a related field
  • Minimum 10+ years of experience in crisis/incident management, operational resilience, or business continuity
  • Experience leading cross-border incident response and regulatory engagement
  • Proficiency in English (both written and verbal)
  • Incident Management: Ability to analyze, prioritize, and manage incidents effectively. Cross-functional command and coordination
  • Strategic Thinking: Ability to align crisis and incident management initiatives with business objectives and regulatory requirements
  • Communication & Documentation: Ensure thorough documentation and clear communications over crisis and incident management activities
  • Leadership & Team Management: Proven track record of building and leading high performing teams. Strong project management skills. Ability to thrive in fast-paced, high-stakes environment
  • Regulatory Compliance: Expertise in navigating banking regulations and audit readiness. Deep understanding of financial compliance requirements and regulatory frameworks, including FFIEC, DORA, PRA and OCC
  • Crisis Leadership: Demonstrated ability to lead complex incident response efforts across business, technology, cyber, and third-party domains
Job Responsibility
  • Develop and lead a crisis and incident management strategy aligned to the bank’s operational resilience framework and key business services
  • Translate regulatory expectations (e.g., FFIEC, DORA, OCC, PRA) into actionable, risk-informed response strategies
  • Establish and manage governance forums and escalation protocols for crisis and incident oversight
  • Support the definition and testing of impact tolerances and maximum tolerable downtimes (MTD/MTLD) in partnership with Operational Resiliency Testing Lead, Business, and Technology stakeholders
  • Act as the lead coordinator during regional crises, ensuring structured, timely, and effective command, control, and communications
  • Maintain and continuously improve incident response plans, escalation playbooks, crisis decision trees, and communication protocols
  • Ensure that major incidents—including those involving third parties and cyber events—are managed in line with regulatory requirements
  • Integrate internal communications tools and channels into a unified communications strategy
  • Maintain and operate an auditable major incident log, with clear decision documentation, timelines, and actions taken
  • Drive optimization of incident response processes using data analytics, metrics and automation opportunities
  • Fulltime

CSIRT Director

The CSIRT Director is a cybersecurity leader responsible for the complete owners...
Location
Canada, Montreal
Salary:
Not provided
SITA
Expiration Date
Until further notice
Requirements
  • 15+ years of progressive experience in cybersecurity, with at least 7+ years in a senior leadership role with direct accountability for security operations.
  • 5+ years of direct experience managing large, geographically distributed Security Operations Centers (SOCs) — including multi-site, multi-shift, 24/7/365 operations.
  • Bachelor's degree in Computer Science, Information Systems, Information Security, or a related discipline, or equivalent professional experience.
  • Active professional certification in at least one of the following: CISSP, CISM, CISA, GIAC GSOM, GIAC GCIH, or equivalent.
  • Proven experience managing global teams across multiple time zones and cultures, with a track record of building cohesive, high-performing distributed teams. With demonstrated ownership of an Incident Response Function and Team.
  • Demonstrated ownership of two or more of the following functions: SOC, CTEM / Vulnerability Management, Cyber Threat Intelligence,
  • Strong command of the MITRE ATT&CK framework, NIST CSF, and incident response methodologies (SANS PICERL, NIST 800-61).
  • Executive-level communication skills — ability to translate complex technical threats into business risk language for CISO, C-suite, and Board audiences.
Job Responsibility
  • Continuous Threat Exposure Management (CTEM) - Directs the organization's proactive exposure reduction program. This includes attack surface management, vulnerability prioritization, red team / purple team program oversight, penetration testing governance, and the coordination of remediation workflows with IT and engineering stakeholders.
  • Cyber Threat Intelligence (CTI) - Commands the intelligence function responsible for producing finished, operationalized threat intelligence. This includes strategic intelligence briefings to CISO and Board, tactical intelligence feeds into detection platforms, threat actor tracking, sector-specific threat analysis (transportation/aviation/border security), and third-party intelligence partnerships.
  • Incident Response (IR) - Owns the full incident response lifecycle. Accountable for IR planning and playbook governance, crisis management and executive communication during significant incidents, forensic capability oversight, tabletop exercise program, regulatory breach notification coordination, and post-incident reviews (PIRs).
  • Security Operations (SecOps) Collaboration - Direct and optimize resources across global SOC locations (Montreal, Cairo, Singapore), ensuring consistent standards, 24/7/365 coverage through a follow‑the‑sun operating model, and resilient business continuity with defined failover capabilities. Drive collaboration and intelligence sharing across sites while managing MSSP and third‑party partners to ensure performance, accountability, and unified global operations.
  • Strategic Leadership & Governance - Define and lead a multi‑year global CSIRT strategy, serving as the single point of accountability for threat exposure, intelligence, and incident response while aligning capabilities to business risk and industry frameworks. Own executive reporting, budget planning, and the establishment of clear SLAs and KPIs to ensure a mature, scalable, and effective cybersecurity operations program.
  • People Leadership & Talent Development - Lead, develop, and retain a high‑performing global cybersecurity operations team across CTEM, CTI, and Incident Response, fostering an inclusive, high‑accountability culture that enables collaboration across regions and time zones. Establish clear career pathways, performance management, and succession planning while overseeing staffing models, shift coverage, and on‑call operations across all SOC locations.
  • Executive & Stakeholder Engagement - Act as the primary liaison to the CISO, delivering executive‑ and board‑level insights on security operations, threat posture, and incident response effectiveness. Partner cross‑functionally with architecture, engineering, GRC, legal, and IT teams, and represent CSIRT in audits, regulatory reviews, and customer security engagements.
What we offer
  • Work from home up to 2 days/week (depending on your team’s needs)
  • Flex Day: Make your workday suit your life and plans.
  • Flex Location: Take up to 30 days a year to work from any location in the world.
  • Employee Wellbeing: Employee Assistance Program (EAP) for you and your dependents 24/7, 365 days/year
  • Champion Health platform.
  • Professional Development: Access to world-class learning platforms including LinkedIn Learning, Microsoft's Enterprise Skills Initiative, Airport Council International, Pluralsight, Harvard Business Publishing, Stanford and many others.
  • Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.
  • Fulltime

Business Command Center Major-Cyber Incident Region Lead - Senior Vice President

The SVP C14, BCC Group Manager, serves as the APAC regional lead for Services Ma...
Location
Singapore, Singapore
Salary:
Not provided
Citi
Expiration Date
Until further notice
Requirements
  • 10+ years of relevant experience in incident management, cyber response, or a related field
  • Demonstrated experience in senior stakeholder management, including effective negotiation and influencing at executive levels
  • Proven track record in project management with demonstrable results in improving IT services and operational resilience
  • Exceptional leadership capabilities with a focus on team development and performance management
  • Superior written and verbal communication skills, consistently demonstrating clarity, conciseness, and the ability to tailor communication appropriately for diverse technical and non-technical audiences
  • Strong ability to plan, organize, and prioritize workload effectively in a fast-paced, high-pressure environment
  • Bachelor's/University degree required
Job Responsibility
  • Lead and coordinate major incident management and cyber response across all Services Lines of Business globally occurring during APAC time zone, operating within a 24x7x365 framework
  • Drive rapid engagement of key remediation resources and subject matter experts across functional groups to proactively avoid or minimize client-visible service disruptions
  • Establish and enforce consistent severity assessment across all regions and lines of business throughout the incident lifecycle
  • Oversee the timely publication of content-rich incident status updates tailored for client-facing Service teams and regulatory-facing Product Management teams
  • Coordinate proactive virtual war rooms for significant planned releases or anticipated market events to ensure preparedness and swift response
  • Develop, implement, and manage enhanced client escalation models for key platinum clients
  • Coordinate and manage cyber event response and communication for all SMBF Lines of Business globally
  • Provide oversight for the early capture of all technology-caused Near Miss events across Services and Markets
  • Manage the performance and development of direct reports and subordinate teams
  • Fulltime

Senior Manager, Cyber Defense

The Senior Manager of Cyber Defense will lead the Cyber Defense team in the US. ...
Location
United States
Salary:
231200.00 - 340000.00 USD / Year
DoorDash
Expiration Date
Until further notice
Requirements
  • 10+ years of experience in information security and people management
  • Must have experience leading Incident Response, Incident Management, Investigations and Threat Hunt functions
  • Experience working with global partners in a follow-the-sun model
  • Experience providing technical leadership and guidance, and thinking strategically and analytically to solve problems
  • Excellent understanding of information security operations related frameworks and standards (e.g., MITRE ATT&CK and NIST)
  • Understanding and actively following the technology surrounding large language models
  • Excellent communication, presentation, and stakeholder management skills
  • Leads with a people-first approach, is able to facilitate a conversation rather than dictate it, and is empathetic to divergent viewpoints
Job Responsibility
  • Develop and implement a roadmap for continuous improvement of the team's capabilities, to include building net new functional areas. Automation and AI feature prominently
  • Lead the response to information security incidents, including investigation of, countermeasures to, and recovery from cyber attacks, unauthorized access, and policy breaches
  • Especially with incidents, act as the executive support for Americas timezone business and Legal, which includes participating in on-call for escalations or sometimes an incident commander role in high profile cases
  • Define, monitor, and report key performance indicators and service level agreements for internal teams and external vendors
  • Develop, maintain, and execute on key incident response plans and playbooks for global response
  • Collect and analyze information security threat intelligence to proactively identify and assess threats that could impact DoorDash
  • Hire, mentor, and train security engineers, fostering a culture of continuous learning, resilience and sustainable work, knowledge sharing, and collaboration within the Cyber Defense team
What we offer
  • 401(k) plan with employer matching
  • 16 weeks of paid parental leave
  • wellness benefits
  • commuter benefits match
  • paid time off
  • paid sick leave
  • medical, dental, and vision benefits
  • 11 paid holidays
  • disability and basic life insurance
  • family-forming assistance
  • Fulltime

Senior Information Security Engineer-DFIR

Location
India, Bengaluru
Salary:
Not provided
Wells Fargo
Expiration Date
May 21, 2026
Requirements
  • 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • at least 6 years of focused professional experience in DFIR, threat hunting, and digital forensics within highly regulated industries (financial services preferred) or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • Proven experience leading complex, multi‑team, enterprise‑wide programs in highly regulated organizations
  • Strong knowledge of digital forensics and incident response principles, tooling, and frameworks (e.g., case management systems, SOAR, log pipelines, forensics investigations, event triage)
  • Familiarity with SOC and IR functions, threat intelligence, detection engineering, and crisis management
  • Proficiency with program and project management tools and frameworks (e.g., JIRA, Confluence, Smartsheet, MS Project, SAFe, Agile, Waterfall/Hybrid)
  • Exceptional communication skills, including executive‑level reporting, stakeholder engagement, and risk management
  • Ability to operate effectively across highly technical and non‑technical domains, balancing operational needs with engineering constraints and business priorities
Job Responsibility
  • Lead or participate in computer security incident response activities for moderately complex events
  • Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
  • Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards
  • Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
  • Review and correlate security logs
  • Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
  • Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
  • Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
  • Conduct forensic analysis of cyber incidents including hacking, malware attacks, data breaches and insider threats
  • Identify, preserve, extract and analyze digital evidence from computers, mobile devices, servers, cloud systems, and other digital storage media
  • Fulltime

Tech Lead - IR, Cyber Security, SecOps

As the Tech Lead of IR, you will be the captain of the front-line defence. You w...
Location
India, Bangalore
Salary:
Not provided
JFrog
Expiration Date
Until further notice
Requirements
  • Leadership Experience: 1+ years of experience leading technical teams or acting as a formal mentor/technical lead in a security context
  • Deep Technical Roots: 7+ years of industry experience in security with a focus on Information Security principles
  • Cloud Mastery: Proven expertise in attack and mitigation methods within complex AWS, GCP, or Azure environments
  • Incident Response Prowess: Extensive experience in risk prioritization and managing the lifecycle of security incidents in a global production environment
  • Technical Breadth: Mastery in at least 5 of the following: Endpoint Protection (EDR/XDR) & Zero Trust architecture; Identity Management (IAM/IDM) and SSO/SAML; Security Analytics (SIEM/Logging) such as ELK or Splunk; Container Security (Docker, Kubernetes); Email Protection & Patch Management
  • Coding Proficiency: Ability to review and guide the development of security tools in Python or Go
Job Responsibility
  • Incident Command: Act as the primary escalation point for high-priority security incidents, leading the triage, containment, and post-mortem processes
  • Architect Operations: Oversee the design and execution of vulnerability management, SaaS security posture (CASB), and asset management at scale
  • Drive Automation: Champion "Security as Code" by leading the development of internal tools (Python/Go) to automate monitoring and remediation
  • Cross-Functional Partnership: Collaborate with SRE, DevOps, and Product teams to drive holistic fixes for systemic architectural vulnerabilities
  • Evangelize Security: Build a culture of security across the organization through training, documentation, and proactive risk management

Principal Security Engineer

The Principal Security Engineer, under the direction of the Director of Security...
Location
United States, Palo Alto
Salary:
147050.00 - 220800.00 USD / Year
Wilson, Sonsini, Goodrich & Rosati
Expiration Date
Until further notice
Requirements
  • Bachelor’s degree required
  • 5+ years of experience in Information Security
  • One or more of the following certifications preferred: GIAC, CISSP, CISM, CEH, CIPP
  • Focus on knowledge of direct support for Security Information and Event Management (SIEM) systems (e.g. configuration of feeds, developing alarm/report concepts), Red Teaming concepts and execution, and Linux skills including command line and operational/administrative usage
  • Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls
  • Experience with Windows desktop, server, and database security
  • Ability to identify security technology risks and perform incident response
  • Extensive knowledge of TCP/IP networking including wireless, network monitoring/design and routing
  • Extensive understanding of the cyber kill-chain
  • Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments
Job Responsibility
  • Provide subject matter expertise in information security as it relates to networks and systems
  • Manage the Firm’s security technology including but not limited to: anti-virus, vulnerability scanning, intrusion detection, content filtering, and insider threat systems
  • Review security events from all monitoring environments not integrated with the firm SIEM, and those events escalated by the SOC, on a daily basis, and follow defined incident response processes in their analysis and reporting
  • Monitor appropriate venues for threats to the security of the Wilson Sonsini Goodrich & Rosati environment. Provide notification to all impacted parties related to the actions needed to mitigate threats and manage the threat lifecycle in totality
  • Manage and lead evaluations of the firm’s environment by external 3rd parties. Produce recommendations that integrate any findings with the business needs of the firm
  • Maintain knowledge of the information security needs of firm clients and implement measures to satisfy those requirements in the most efficient manner
  • Keep abreast of emerging security technologies and discipline developments. Make appropriate recommendations that meet the firm's needs
  • Design and build operational environments that scale to meet the needs of our security products and assure appropriate reliability
  • Support general troubleshooting related to information security tasks and provide support to end users as needed
  • Provide other teams with security consulting services, including responding to requests for additional information and assisting with specific projects
What we offer
  • discretionary year-end merit bonus based on performance
  • highly competitive salary and benefits package
  • Fulltime

SecOps Engineer

The SecOps Engineer manages and leads the resolution of high or critical severit...
Location
United States, Milwaukee; Boston; Paramus
Salary:
135000.00 - 150000.00 USD / Year
Veolia
Expiration Date
Until further notice
Requirements
  • Bachelor’s or Master’s Degree in Computer Science, Engineering, Information Security or extensive professional experience considered in place of a Bachelor’s degree
  • Min of 5 years of professional experience in SOC operations and/or incident response
  • Understanding of technologies and solutions utilized in cybersecurity and networks (SIEM, SOAR, Firewalls, IAM, IDS/IPS, End Point Protection, Threat Management/Intelligence)
  • Expertise in Cloud security such as AWS, GuardDuty, CloudTrail, Lambda, GCP, GCP Cloud Audit, Cloud Security Command Center, Log Explorer, GKE Logs, Kubernetes
  • Understanding of API security: REST, SOAP, OAuth, API Keys/Tokens, API Gateway
  • SaaS: SSPM, CASB
  • Familiarity with security frameworks, standards, and guidelines
  • Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
  • Ability to work with complex problems where analysis of situations or data requires an in-depth evaluation of variable factors
  • Excellent troubleshooting and problem-solving skills
Job Responsibility
  • Work closely with and advise on security best practices for Cloud, Infrastructure, Developers and Data Analysts to ensure security is implemented by design
  • Design and implement technical security controls
  • Conduct security review/audit of Cloud, SaaS, Network, AI environments to identify and mitigate potential security risks
  • Develop and implement security automation workflows using scripting languages and/or automation tooling such as Torq, Tines, etc
  • Provide seniority and oversight for a SOC shift as needed
  • Conduct complex investigations and provide advice to other Security Analysts
  • Manage and lead High or Critical severity incident resolution
  • Develop customized scripts or procedures to automate the repetitive tasks and improve the efficiency of incident response activities
  • Provide expert advice on remediation and recovery efforts and develop threat remediation strategies
  • Perform proactive analysis of the attack surface and advise on potential threats and attack vectors
What we offer
  • Paid time off policies
  • health, dental, vision, life insurance
  • savings accounts
  • tuition reimbursement
  • paid volunteering
  • employer sponsored 401(k) plan
  • Sick leave – 56 hours
  • Observed Holidays – 11 days
  • Vacation – Flexible Time Off
  • Eligible for up to 10% Annual Performance Bonus
  • Fulltime