CrawlJobs Logo

Cyber Incident Response Commander

Canada, Montréal Employment contract · Job Posted May 20, 2026
Apply Position
Job Link Share

Job Description

The Cyber Incident Response Commander plays a critical leadership role in managing and coordinating the organization’s response to cybersecurity incidents. This role is responsible for ensuring that security events are effectively identified, assessed, contained, and remediated, while minimizing business impact. As part of the CERT (Computer Emergency Response Team), the Incident Response Commander works at the intersection of technical teams and business stakeholders, leading incident response activities and ensuring alignment with internal policies and regulatory requirements. The role reports to the Incident Response Manager.

Job Responsibility

  • Maintain and continuously improve the Incident Response Plan (IRP) and its appendices
  • Ensure alignment between the IRP and other relevant security policies and frameworks
  • Develop and refine incident response playbooks to ensure clarity of roles and operational efficiency
  • Collaborate with Legal and Communications teams to strengthen response processes
  • Tailor IRPs to specific scopes (e.g., regions, subsidiaries, maritime operations)
  • Capture lessons learned from incidents and provide actionable improvement recommendations
  • Identify links and patterns between incidents to improve detection and response strategies
  • Support internal and external audits by providing required documentation and evidence
  • Act as Incident Commander during security incidents, coordinating cross-functional teams
  • Assess incident severity and determine appropriate escalation levels
  • Formally declare major incidents in line with risk and regulatory criteria
  • Lead incident response activities in accordance with defined plans and playbooks
  • Ensure effective collaboration between technical and business stakeholders
  • Prioritize and oversee forensic investigations and evidence collection
  • Monitor incident lifecycle: analysis, containment, mitigation, and recovery
  • Ensure timely and clear communication, reporting, and stakeholder notifications
  • Contribute to Cyber Defense Center initiatives and transversal activities
  • Support cybersecurity projects, compliance efforts, and continuous improvement programs
  • Participate in strengthening CERT capabilities and overall cyber resilience

Requirements

  • Bachelor's degree (or equivalent) in Cybersecurity, Computer Science, or related STEM field
  • Minimum 5 years of experience in cybersecurity roles such as CERT / CSIRT, SOC / SecOps, GRC (Governance, Risk & Compliance)
  • Required Certifications (or equivalent experience): GCFA, CIH, CISSP, CEH, ECSA, ITIL Foundation
  • Strong knowledge of incident response methodologies (e.g., NIST, ISO 27035, SANS)
  • Experience with SOC operations and forensic investigations
  • Good understanding of security tools, detection, and response techniques
  • Ability to communicate complex cybersecurity topics to senior leadership and executives
  • Professional proficiency in English (written and spoken)

Nice to have

Experience in transport, shipping, or logistics environments

What we offer

  • Strong base salary
  • Annual performance bonus
  • Fully covered benefits package including life insurance, long-term disability, health, dental, and vision coverage, plus a health spending account
  • Sopra Steria covers 100% of premiums
  • Generous paid time off including sick leave, personal days, and 3 weeks of vacation
  • Monthly transportation allowance
  • Excellent learning, development, and career advancement opportunities
  • Hybrid work environment
  • All necessary equipment provided

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Cyber Incident Response Commander

8 matching positions

New

Director, Security Operations and Incident Response

At Comcast, we are committed to providing secure and reliable services for our c...
Location
Location
United States , Philadelphia
Salary
Salary:
Not provided
comcastcorporation.com Logo
Comcast
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of relevant cybersecurity experience, including leadership experience in cybersecurity operations, security incident response, threat hunting, threat detection, or enterprise SOC functions in a large, complex environment with at least 5 years of experience managing leaders of people
  • Demonstrated experience managing high-severity cybersecurity incidents, including executive communications, cross functional coordination, containment strategy, remediation oversight, and post-incident improvement
  • This role supports a 24x7 cybersecurity operation and requires availability outside of standard business hours, including nights, weekends, and holidays, during critical incidents and high-severity security events
  • Strong leadership experience building, managing, and scaling technical security teams, including managers, incident responders, SOC analysts, threat hunters, detection engineers, and specialized security professionals
  • Deep technical understanding of modern security operations, including SIEM, EDR, threat intelligence, malware analysis, digital forensics, cloud security, identity security, network security, automation, and detection engineering
  • Experience partnering with engineering teams to build, improve, and operationalize security tools, data platforms, dashboards, automations, telemetry pipelines, and analyst workflows
  • Proven ability to make high-impact decisions under pressure and lead teams through ambiguous, fast-moving security events
  • Experience developing incident response operating models, playbooks, escalation procedures, readiness exercises, metrics, and continuous improvement programs
  • Strong understanding of adversary tradecraft, threat hunting methodologies, detection lifecycle management, and frameworks such as MITRE ATT&CK
  • Strong executive communication skills, including the ability to brief senior leaders on risk, impact, operational status, capacity gaps, and recommended actions
Job Responsibility
Job Responsibility
  • Lead and scale Comcast’s SOC, Security Incident Response Team, threat hunting, and threat detection functions, ensuring the organization is trained, equipped, and structured to respond effectively to routine security events and major incidents
  • Build the operating model, staffing approach, escalation paths, runbooks, and surge capacity required to manage multiple concurrent major incidents
  • Serve as a senior incident commander for high-severity cybersecurity events, coordinating response across technical teams, business stakeholders, legal, privacy, communications, and executive leadership
  • Lead Comcast’s threat hunting function to proactively identify adversary behavior, emerging attack patterns, control gaps, and high-risk activity before it becomes a major incident. Including leading Purple Team activities
  • Own and mature the enterprise threat detection strategy, including detection coverage, alert fidelity, tuning, detection lifecycle management, and alignment to threat intelligence, adversary tradecraft, and business risk
  • Partner with security engineering, data engineering, platform engineering, and product teams to design and improve the tools, pipelines, dashboards, automations, and case management workflows used by cyber operations teams
  • Drive continuous improvement across SIEM use cases, endpoint detections, cloud detections, identity detections, network telemetry, enrichment pipelines, automation, and analyst workflows
  • Ensure lessons learned from incidents and hunts directly inform new detections, improved runbooks, stronger controls, and better response procedures
  • Develop and continuously improve incident response strategy, severity models, communications protocols, after-action reviews, and remediation tracking
  • Establish executive reporting on incident trends, SOC performance, detection quality, threat hunting outcomes, operational capacity, readiness gaps, and enterprise risk
What we offer
What we offer
  • Medical, prescription, vision, and dental insurance for eligible employees
  • 401(k) savings plan with dollar-for-dollar matching up to the first 6% of your pay
  • Paid time off including eight observed company holidays and flex time
  • Exclusive perks + discounts, including tuition assistance, commuter benefits and more
  • Fulltime
Read More
Arrow Right

Business Command Center Major and Cyber Incident Region Lead (SVP)

The Business Command Center (BCC) is a critical function supporting Citi's Servi...
Location
Location
Ireland , Dublin
Salary
Salary:
119760.00 - 179640.00 EUR / Year
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Proven Leadership Experience: Extensive experience in the financial services industry, with a focus on cash management, transactional banking, and trade operations
  • Stakeholder Management and Senior Leadership: Demonstrated expertise in managing executive-level communications and fostering alignment among diverse stakeholder groups and senior leadership
  • Global Collaboration Experience: Demonstrated experience working with global, multi-region initiatives, projects, and teams, including large matrix organizations
  • Influence and Collaboration: Ability to influence partners and drive cross-functional work to achieve optimal solutions to complex problems
  • Detail-Oriented and Results-Driven: Exceptional attention to detail, comprehensiveness of content, and ability to manage multiple assignments to completion under tight deadlines
  • Incident/Crisis Management Expertise: Deep understanding of incident and crisis management principles, including ownership, classification, initial support, escalation/notification, business impact analysis, and resolution tracking
  • Rapid Remediation & Escalation: Drive rapid engagement of key remediation resources and subject matter experts across functional groups to proactively avoid or minimize client-visible service disruptions. Ensure timely and effective escalation to key decision-makers and senior management
  • Severity Assessment & Communication: Establish and enforce consistent severity assessment across all regions and lines of business throughout the incident lifecycle, leveraging client impact and franchise risk criteria. Oversee the timely publication of content-rich incident status updates tailored for client-facing Service teams and regulatory-facing Product Management teams
  • Strategic Incident Preparedness: Coordinate proactive virtual war rooms for significant planned releases or anticipated market events to ensure preparedness and swift response
  • Enhanced Escalation Frameworks: Develop, implement, and manage enhanced client escalation models for key platinum clients, as well as robust internal escalation models for critical internal flows, such as Genesis Liquidity reporting
Job Responsibility
Job Responsibility
  • Proven Leadership Experience: Extensive experience in the financial services industry, with a focus on cash management, transactional banking, and trade operations
  • Stakeholder Management and Senior Leadership: Demonstrated expertise in managing executive-level communications and fostering alignment among diverse stakeholder groups and senior leadership
  • Global Collaboration Experience: Demonstrated experience working with global, multi-region initiatives, projects, and teams, including large matrix organizations
  • Influence and Collaboration: Ability to influence partners and drive cross-functional work to achieve optimal solutions to complex problems
  • Detail-Oriented and Results-Driven: Exceptional attention to detail, comprehensiveness of content, and ability to manage multiple assignments to completion under tight deadlines
  • Incident/Crisis Management Expertise: Deep understanding of incident and crisis management principles, including ownership, classification, initial support, escalation/notification, business impact analysis, and resolution tracking
  • Rapid Remediation & Escalation: Drive rapid engagement of key remediation resources and subject matter experts across functional groups to proactively avoid or minimize client-visible service disruptions. Ensure timely and effective escalation to key decision-makers and senior management
  • Severity Assessment & Communication: Establish and enforce consistent severity assessment across all regions and lines of business throughout the incident lifecycle, leveraging client impact and franchise risk criteria. Oversee the timely publication of content-rich incident status updates tailored for client-facing Service teams and regulatory-facing Product Management teams
  • Strategic Incident Preparedness: Coordinate proactive virtual war rooms for significant planned releases or anticipated market events to ensure preparedness and swift response
  • Enhanced Escalation Frameworks: Develop, implement, and manage enhanced client escalation models for key platinum clients, as well as robust internal escalation models for critical internal flows, such as Genesis Liquidity reporting
What we offer
What we offer
  • competitive base salary (which is annually reviewed)
  • hybrid working model (up to 2 days working at home per week)
  • additional benefits that support you (and your family) to be well, live well and save well
  • Fulltime
Read More
Arrow Right

Sr. Incident Commander

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location
Location
United States , Multiple Locations
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience
  • Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter
  • Citizenship & Citizenship Verification: This role will require access to information that is controlled for export under export control regulations
  • Citizenship & Citizenship Verification: This position requires verification of citizenship due to citizenship-based legal restrictions
  • 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, and anomaly detection OR Master's Degree or Doctorate in Statistics, Mathematics, Computer Science or related field
  • CISSP, CISA, CISM, SANS, GCIA, GCIH, OSCP, and/or Security+ certification Strong program management skills
  • 5+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science or related field
  • 5+ years of experience in information security incident handling and/or security operations
  • 5+ years of experience triaging security vulnerabilities and driving product and/or service response
Job Responsibility
Job Responsibility
  • Perform cyber defense incident and/or vulnerability triage to determine scope, urgency, and potential risk impact
  • Make high-stake decisions that enable expeditious remediation of risk to protect customers and Microsoft
  • Track and document cyber defense incidents from initial escalation through final resolution
  • Provide tactical security decisions and coordinate enterprise-wide cyber defenders to resolve incidents
  • Send timely and clear executive updates explaining the risk to customers and Microsoft
  • Advise and validate customer notifications and/or authoritative security guidance for customers
  • Conduct incident analysis, produce reports, and briefs informing threat landscape trends and future investment areas to improve security
  • Embody our culture and values
  • Fulltime
Read More
Arrow Right

Business Command Center Major-Cyber Incident Region Lead - Senior Vice President

The SVP C14, BCC Group Manager, serves as the APAC regional lead for Services Ma...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of relevant experience in incident management, cyber response, or a related field
  • Demonstrated experience in senior stakeholder management, including effective negotiation and influencing at executive levels
  • Proven track record in project management with demonstrable results in improving IT services and operational resilience
  • Exceptional leadership capabilities with a focus on team development and performance management
  • Superior written and verbal communication skills, consistently demonstrating clarity, conciseness, and the ability to tailor communication appropriately for diverse technical and non-technical audiences
  • Strong ability to plan, organize, and prioritize workload effectively in a fast-paced, high-pressure environment
  • Bachelor's/University degree required
Job Responsibility
Job Responsibility
  • Lead and coordinate major incident management and cyber response across all Services Lines of Business globally occurring during APAC time zone, operating within a 24x7x365 framework
  • Drive rapid engagement of key remediation resources and subject matter experts across functional groups to proactively avoid or minimize client-visible service disruptions
  • Establish and enforce consistent severity assessment across all regions and lines of business throughout the incident lifecycle
  • Oversee the timely publication of content-rich incident status updates tailored for client-facing Service teams and regulatory-facing Product Management teams
  • Coordinate proactive virtual war rooms for significant planned releases or anticipated market events to ensure preparedness and swift response
  • Develop, implement, and manage enhanced client escalation models for key platinum clients
  • Coordinate and manage cyber event response and communication for all SMBF Lines of Business globally
  • Provide oversight for the early capture of all technology-caused Near Miss events across Services and Markets
  • Manage the performance and development of direct reports and subordinate teams
  • Fulltime
Read More
Arrow Right
New

Icitap Transnational Organized Crime Advisor

Amentum is currently seeking a qualified candidate to serve as the Transnational...
Location
Location
Kosovo , Pristina
Salary
Salary:
Not provided
amentum.com Logo
Amentum
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 10 years of experience in a command-level role within U.S. civilian law enforcement or in managing law enforcement reform and administration programs.
  • At least five years of experience conducting criminal investigations involving organized crime.
  • A minimum of two years of international experience, including overseas assignments or participation in international cooperation efforts.
  • Demonstrated ability to communicate diplomatically while managing competing priorities and deadlines across multiple stakeholders.
  • Proven experience operating in fast-paced environments with tight deadlines and evolving requirements.
  • Experience conducting and leading complex criminal investigations, preferably focused on organized and/or transnational crime cases.
  • Clearable: Must be able to obtain and maintain a Top Secret US Government Clearance. Note: US Citizenship is required to obtain a (specified clearance) Clearance.
Job Responsibility
Job Responsibility
  • In coordination with INL Pristina, the TOC Advisor will work and engage with interagency, regional, international, and host-nation partners on foreign assistance programs related to organized crime and complex criminal investigations.
  • The TOC Advisor is expected to lead or coordinate the following training activities as part of the core competencies expected of the position: Intelligence-led policing operationalization
  • Network-based TCO investigations
  • Financial investigations/asset tracing, including Suspicious Transaction Report (STR) exploitation and beneficial ownership analysis
  • Digital Forensic and Incident Response (DFIR) integration
  • Police–prosecutor investigative support including case coordination and development.
  • Investigative cooperation with U.S. interagency and law enforcement. The TOC Advisor will provide daily advice, mentorship, and ad hoc training to the KP and others to enhance investigatory best practices specifically to deter and effectively investigate transnational organized crime. The TOC Advisor will identify deficiencies in skills, then determine a course of action to effectively address the needs.
  • As necessary, the TOC advisor will provide specific case-based advice to host-nation law enforcement and prosecutors on investigations.
  • The TOC Advisor will work with ICITAP HQ and INL to develop project plans and budgets for ongoing and future law enforcement initiatives in Kosovo. The TOC Advisor will oversee the operational and administrative implementation of INL-funded TOC projects in Kosovo.
  • The TOC Advisor will serve as a law enforcement expert advisor for INL-funded assistance programs (implemented via ICITAP) in Kosovo.
  • Fulltime
Read More
Arrow Right

Global Business Continuity Senior Officer

Reporting to the Head of Business Continuity, the Global Business Continuity Sen...
Location
Location
Lithuania , Vilnius
Salary
Salary:
Not provided
alterdomus.com Logo
Alter Domus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum 5 years of progressive experience in Business Continuity Management
  • Experience in incident management, crisis management, and business continuity with strong technology, cyber recovery, and vendor-risk knowledge
  • Some experience in driving resilience for financial services organizations, particularly client services and/or fund administration businesses
  • Motivation to build on the role and develop operational resilience to meet the expectations of our clients and regulators alike
  • Some understanding of global financial services regulations and technology trends
  • Experience with operational resilience frameworks and integration with enterprise risk management, technology resilience, and third-party risk programs
  • Knowledge of disaster recovery, IT service continuity, crisis communications, and emergency management in 24/7 operational environments
  • Experience in fund administration, private equity, real estate, or alternative investment environments
  • Successful regulatory examinations or audit management related to business continuity
  • Professional certifications such as CBCP, MBCI, CBCI, ISO 22301 Lead Implementer/Auditor, or equivalent
Job Responsibility
Job Responsibility
  • Support and maintain a comprehensive ISO 22301 compliant BCMS across the organization’s global operations including governance frameworks, policies, and procedures
  • Contribute to the strategic development of the BCMS, ensuring scalability and adaptability across multiple countries, business units, and regulatory jurisdictions
  • Maintain Business Continuity Plans (BCPs) with documented procedures that guide the organization to respond, recover, resume, and restore to pre-defined operational levels following disruptions
  • Act as the primary point of accountability for BCMS execution and maturity across the EMEA region
  • Support the maintenance of Crisis Management and Emergency Management frameworks
  • Implement the command structure for incident and crisis management
  • Coordinate cross-functional crisis response
  • Lead through incidents to minimize their impact on the organization’s operations
  • Deliver training and simulation exercises
  • Contribute to comprehensive training and awareness programs
What we offer
What we offer
  • Support for professional accreditations such as ACCA and study leave
  • Flexible arrangements, generous holidays, plus an additional day off for your birthday
  • Continuous mentoring along your career progression
  • Active sports, events and social committees across our offices
  • 24/7 support available from our Employee Assistance Program
  • The opportunity to invest in our growth and success through our Employee Share Plan
  • Plus additional local benefits depending on your location
  • Fulltime
Read More
Arrow Right

Senior Threat Hunter

Senior Threat Hunter (U42 MTH) - Job Description
Location
Location
India , Bengaluru
Salary
Salary:
Not provided
paloaltonetworks.it Logo
Palo Alto Networks Italia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant cybersecurity experience, preferably in threat hunting, incident investigation, SOC analysis, detection engineering, DFIR, MDR, or a similar security operations role
  • Strong understanding of the evolving threat landscape, including attack tools, tactics, and techniques, as well as networking and security fundamentals
  • Experience investigating suspicious activity, security incidents, or targeted threats across endpoints, networks, identity, and cloud
  • Ability to work independently, make sound investigative decisions, and escalate when findings require additional review or urgent action
  • Experience handling customer-facing or stakeholder-facing security requests, including clear written communication, investigation summaries, and recommendations
  • Understanding of attacker behaviors, including attack vectors, execution, persistence, privilege escalation, lateral movement, credential theft, command and control, and data exfiltration
  • Background in writing, modifying, or executing detections, hunting queries, or log-based investigations
  • Familiarity with organizational cybersecurity measures, including protective tools, response actions, and remediation techniques
  • Excellent written and oral communication skills in English
  • Strong attention to detail and ability to clearly document investigation logic, findings, and conclusions
Job Responsibility
Job Responsibility
  • Help multinational organizations stay one step ahead of adversaries and cyber threats
  • Collaborate with customers via handling inbound communications
  • Provide support and assistance to the Managed Detection and Response (MDR) team for hunting-related activities
  • Serve as a critical line of defense by providing coverage for core threat hunting activities
  • Collaborate with and guide customers by responding to hunting-related requests and issues related to suspected security incidents
  • Execute existing threat hunting reports and hunting workflows, investigate results, and support timely customer reporting
  • Investigate hunting leads based on IOCs, threat intelligence, and internal detections
  • Monitor the threat landscape and help prepare initial context for emerging campaigns, enabling the global team to continue deeper investigation during the week
  • Ensure timely and appropriate escalation of major or high-impact security events to leadership
  • Provide ongoing feedback on findings, hunting reports, queries, and operational workflows to support continuous improvement
Read More
Arrow Right

Senior Threat Hunter (Unit 42)

We’re not your ordinary Threat Hunting team. We’re a diverse and global group of...
Location
Location
India , Bengaluru
Salary
Salary:
Not provided
paloaltonetworks.com Logo
Palo Alto Networks
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant cybersecurity experience, preferably in threat hunting, incident investigation, SOC analysis, detection engineering, DFIR, MDR, or a similar security operations role
  • Strong understanding of the evolving threat landscape, including attack tools, tactics, and techniques, as well as networking and security fundamentals
  • Experience investigating suspicious activity, security incidents, or targeted threats across endpoints, networks, identity, and cloud
  • Ability to work independently, make sound investigative decisions, and escalate when findings require additional review or urgent action
  • Experience handling customer-facing or stakeholder-facing security requests, including clear written communication, investigation summaries, and recommendations
  • Understanding of attacker behaviors, including attack vectors, execution, persistence, privilege escalation, lateral movement, credential theft, command and control, and data exfiltration
  • Background in writing, modifying, or executing detections, hunting queries, or log-based investigations
  • Familiarity with organizational cybersecurity measures, including protective tools, response actions, and remediation techniques
  • Excellent written and oral communication skills in English
  • Strong attention to detail and ability to clearly document investigation logic, findings, and conclusions
Job Responsibility
Job Responsibility
  • Help multinational organizations stay one step ahead of adversaries and cyber threats
  • Collaborate with customers via handling inbound communications
  • Provide support and assistance to the Managed Detection and Response (MDR) team for hunting-related activities
  • Serve as a critical line of defense by providing coverage for core threat hunting activities
  • Collaborate with and guide customers by responding to hunting-related requests and issues related to suspected security incidents
  • Execute existing threat hunting reports and hunting workflows, investigate results, and support timely customer reporting
  • Investigate hunting leads based on IOCs, threat intelligence, and internal detections
  • Monitor the threat landscape and help prepare initial context for emerging campaigns, enabling the global team to continue deeper investigation during the week
  • Ensure timely and appropriate escalation of major or high-impact security events to leadership
  • Provide ongoing feedback on findings, hunting reports, queries, and operational workflows to support continuous improvement
  • Fulltime
Read More
Arrow Right