Senior Security Incident Commander

United States, Seattle 180000.00 - 200000.00 USD / Year · Job Posted February 11, 2026

Job Description

As a Senior Security Technologist, Incident Command, you are accountable for leading Uber’s most critical, complex, and high-impact security incidents end-to-end - from escalation to containment, recovery, and systemic remediation. You operate at the intersection of Fire Captain, NTSB Investigator, and hands-on technical practitioner. In the moment, you take command - setting strategy, assigning resources, and making high-consequence decisions under pressure. After the smoke clears, you drive deep technical investigation and post-incident analysis to ensure we understand not just what happened, but why it happened, and that meaningful, durable fixes are made.

Job Responsibility

  • Command the highest severity and most complex security incidents across Uber and its subsidiaries, serving as the single accountable leader during active response
  • Participate in an on-call rotation where you are expected to make real-time decisions with incomplete information, balancing speed, risk, and impact
  • Act as the incident authority, not just a facilitator - forming hypotheses, setting strategy, and directing investigative focus
  • Transition seamlessly between executive-level incident leadership and hands-on technical investigation, including log analysis, system interrogation, and root cause validation
  • Serve as the primary interface to senior leadership during critical incidents, translating evolving technical realities into clear risk, impact, and decision frameworks
  • Build and maintain strong working relationships with global engineering, infrastructure, legal, privacy, and operations teams to enable fast, coordinated response
  • Conduct rigorous post-incident analysis in the spirit of an NTSB investigation - focused on systemic causes, contributing factors, and concrete prevention
  • Mentor and develop other responders and incident leaders, raising the organization’s ability to handle complex, time-critical security events
  • Lead and materially contribute to initiatives that mature Uber’s incident response program, including:
      • High-fidelity incident simulations and technical tabletop exercises
      • Threat-informed response planning and scenario development
      • ‘Left of boom’ threat modeling to prevent incidents before they occur
      • Improvements to detection, containment, and response automation
      • Adoption of new investigative techniques and tooling, including AI-assisted workflows

Requirements

  • 5+ years in security operations, detection, or incident response roles at scale, with demonstrated ownership of ambiguous, large, complex, high-impact incidents
  • Deep familiarity with modern attacker TTPs and how they manifest across logs, systems, networks, endpoints, and applications
  • Strong technical investigation skills - comfortable working directly with logs, telemetry, and raw system data to validate hypotheses and determine root cause
  • Experience briefing executives during active incidents, with the ability to clearly explain tradeoffs, risks, and recommended actions
  • Experience designing or running technical incident simulations (tabletops, purple team exercises, or similar) that stress real-world response capabilities
  • Experience building or leveraging AI-driven tooling to improve incident response posture, applying frontier technology to workflows such as triage, investigation, correlation, or decision support

Nice to have

  • Demonstrated experience leading other responders through direct command during incidents and longer-term technical mentorship
  • Strong bias for action and continuous improvement
  • Experience responding to incidents in highly distributed, cloud-scale environments where blast radius and coordination complexity are significant
  • Broad security domain knowledge (infrastructure, endpoint, product, identity, data) and the ability to reason across them during incidents
  • Ability to script or code (Python, Go, or similar) to automate response tasks, prototype tooling, or close operational gaps

What we offer

  • Eligible to participate in Uber's bonus program
  • May be offered an equity award & other types of comp
  • All full-time employees are eligible to participate in a 401(k) plan
  • Eligible for various benefits (see link)

Similar Jobs for Senior Security Incident Commander

8 matching positions

Senior Security Engineer - Incident Response

Mozilla is looking for an Incident Responder to monitor and mitigate attacks acr...
Location: Germany
Salary: Not provided
Company: Mozilla
Expiration Date: Until further notice
Requirements
  • 5+ years of demonstrated ability managing security incidents at a global scale and/or experience working in Security Operations Centers (SOC), Product Security Incident Response Teams (PSIRT), and Computer Security Incident Response Teams (CSIRT)
  • Expertise with security information and event management (SIEM) systems (e.g., ELK, Google BigQuery, Splunk, etc.). Splunk proficiency is preferred
  • Expertise with endpoint detection and investigation. Hands-on experience with leading EDR tools and demonstrated ability to leverage endpoint telemetry to find root cause
  • Expertise with security orchestration and automation (SOAR) platforms such as Tines or Splunk SOAR
  • Superb communication and leadership capacity; ability to partner effectively with diverse company stakeholders
  • Real-world experience in software development and/or engineering operations for consumer products and services
  • B.S. in a technology-focused field is helpful
  • Practical experience working with cloud technologies (e.g., Google Cloud Platform, Amazon Web Services, Heroku, Microsoft Azure, etc.)
  • Ownership and Accountability
Job Responsibility
  • Identify and respond to security incidents on a global scale
  • Act as an incident commander to drive incidents through the entire response lifecycle
  • Design and maintain a portfolio of security alerts, automated actions, playbooks and escalation workflows in support of a high-performing 24/7 incident response capability
  • Conduct threat hunting activities, anticipate future threats, and maintain forward-thinking strategies for tools/technology/processes that combat sophisticated threat actors
  • Research threat intelligence reports, triage and manage resulting workflows
  • Partner with key stakeholders and communicate effectively to maintain a continuously improving feedback loop of preparation, identification, analysis, containment, and post mortem activities
  • Participate in on-call rotation
What we offer
  • Generous performance-based bonus plans
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting
  • Quarterly all-company wellness days
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Fulltime

Senior Security Operations Engineer II

As a Senior Security Operations Engineer, you’ll play a key role in ensuring the...
Location: United States, Scottsdale
Salary: Not provided
Company: Axon
Expiration Date: Until further notice
Requirements
  • 7+ years of experience in operations, site reliability, or infrastructure engineering roles
  • Strong experience securing and managing cloud environments (e.g., AWS, Azure) and containerized workloads
  • Deep understanding of Linux systems, networking, distributed systems, and their associated security controls
  • Proficiency in automation, scripting, and security tooling integration to streamline operations and enforcement
  • Experience with security monitoring, alerting, SIEM platforms, and observability tools
  • Solid grasp of CI/CD practices with integrated security testing and compliance checks
  • Experience managing Kubernetes clusters and running containerized workloads in production
  • Experience with deploying and administrating any of the following: scalable cloud native secrets solutions such as AWS KMS, Azure KeyVault; PKI solutions such as EJBCA, Smallstep, Venafi; or vaulting solutions such as Hashicorp Vault
Job Responsibility
  • Implementing and improving automated security checks in CI/CD pipelines to prevent vulnerabilities from reaching production
  • Writing, reviewing, and maintaining security-focused infrastructure-as-code for scalable and compliant deployments
  • Investigating security incidents, performing root cause analysis, and implementing long-term mitigation strategies
  • Collaborating with developers to develop new features, services, and infrastructure requirements
  • Enhancing security observability through improved log collection, metrics, and alerting configurations
  • Maintaining and improving security runbooks, incident response playbooks, and internal security tooling for operational efficiency
  • Resolve security/infrastructure incidents by participating in high impact/high visibility incidents as a participant and ideally as an incident commander
  • Maintain and secure critical infrastructure components such as PKI (Public Key Infrastructure) and IAM (Identity & Access Management) systems, ensuring reliability, scalability, and compliance with organizational and industry security standards
  • Build and maintain secure, reliable, and scalable infrastructure that protects core services and sensitive data
  • Troubleshoot and resolve complex operational and system-level issues across environments
What we offer
  • Competitive salary and 401k with employer match
  • Discretionary paid time off
  • Paid parental leave for all
  • Medical, Dental, Vision plans
  • Fitness Programs
  • Emotional & Mental Wellness support
  • Learning & Development programs
  • Snacks in our offices
  • Fulltime

Cyber Incident Response Commander

The Cyber Incident Response Commander plays a critical leadership role in managi...
Location: Canada, Montréal
Salary: Not provided
Company: Sopra Steria
Expiration Date: Until further notice
Requirements
  • Bachelor's degree (or equivalent) in Cybersecurity, Computer Science, or related STEM field
  • Minimum 5 years of experience in cybersecurity roles such as CERT / CSIRT, SOC / SecOps, GRC (Governance, Risk & Compliance)
  • Required Certifications (or equivalent experience): GCFA, CIH, CISSP, CEH, ECSA, ITIL Foundation
  • Strong knowledge of incident response methodologies (e.g., NIST, ISO 27035, SANS)
  • Experience with SOC operations and forensic investigations
  • Good understanding of security tools, detection, and response techniques
  • Ability to communicate complex cybersecurity topics to senior leadership and executives
  • Professional proficiency in English (written and spoken)
Job Responsibility
  • Maintain and continuously improve the Incident Response Plan (IRP) and its appendices
  • Ensure alignment between the IRP and other relevant security policies and frameworks
  • Develop and refine incident response playbooks to ensure clarity of roles and operational efficiency
  • Collaborate with Legal and Communications teams to strengthen response processes
  • Tailor IRPs to specific scopes (e.g., regions, subsidiaries, maritime operations)
  • Capture lessons learned from incidents and provide actionable improvement recommendations
  • Identify links and patterns between incidents to improve detection and response strategies
  • Support internal and external audits by providing required documentation and evidence
  • Act as Incident Commander during security incidents, coordinating cross-functional teams
  • Assess incident severity and determine appropriate escalation levels
What we offer
  • Strong base salary
  • Annual performance bonus
  • Fully covered benefits package including life insurance, long-term disability, health, dental, and vision coverage, plus a health spending account
  • Sopra Steria covers 100% of premiums
  • Generous paid time off including sick leave, personal days, and 3 weeks of vacation
  • Monthly transportation allowance
  • Excellent learning, development, and career advancement opportunities
  • Hybrid work environment
  • All necessary equipment provided
  • Fulltime

Global Senior Physical Security Manager

The Global Sr. Physical Security Manager is responsible for defining and executi...
Location: United States, Santa Clara
Salary: 162480.00 - 243720.00 USD / Year
Company: AMD
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree or equivalent experience in Security, Business, or related field
  • 10–15+ years of progressive experience in physical security with global or multi-regional scope
  • Proven leadership of enterprise security programs, GSOC operations, and crisis management
  • Strong understanding of risk assessment methodologies and modern security technologies
  • Experience managing third-party vendors and performance metrics
  • Demonstrated success leading distributed teams in complex environments
Job Responsibility
  • Define and execute AMD’s global physical security expectations aligned with enterprise risk and business objectives
  • Oversee global security operations across offices, labs, and manufacturing environments, ensuring consistent standards
  • Lead crisis management and emergency response programs, including incident command and after-action improvements
  • Drive development and maturity of AMD’s Global Security Operations Center (GSOC), including monitoring and intelligence capabilities
  • Oversee secure movement of high-value products, prototypes, and sensitive materials across the supply chain
  • Lead global risk assessments, threat analysis, and mitigation planning for facilities and operations
  • Develop and implement security training programs to strengthen awareness and culture across AMD
  • Establish and maintain global SOPs and security standards for internal teams and contracted personnel
  • Define and manage KPIs/SLAs for security vendors; conduct audits and drive performance improvements
  • Fulltime

Senior Cloud Security Assurance

The Senior Cloud Security Assurance role at NTT DATA involves developing secure ...
Location: Romania, Cluj
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Information Security, Cybersecurity, or a relevant IT field (Master’s degree preferred)
  • Minimum 5-10 years experience in cybersecurity
  • Experience of at least 2+ years in security architecture, compliance, and cloud security roles
  • Working with frameworks such as ISO 27001, NIS/NIS2, or NIST CSF
  • Deep understanding of cloud security principles including management of GCP and AWS platforms
  • Familiarity with IAM, CASB, SIEM, and container security solutions
  • CISSP or SABSA certifications preferred
  • Cloud-specific certifications preferred (e.g., AWS Security Specialty, Azure Solutions Architect)
  • Proven ability to collaborate across diverse technical teams, influencing senior stakeholders in an advisory capacity
  • Excellent communication and presentation skills for delivering complex technical concepts to non-specialist audiences
Job Responsibility
  • Translate business and compliance requirements into practical, well-documented security architecture designs using recognized frameworks (e.g., ISO 27001, NIST, CIS)
  • Develop, document, and maintain consistent secure architectural patterns with an emphasis on cloud security (AWS, GCP)
  • Implement threat-informed design principles, integrating zero trust architectures and defensive depth strategies to address security gaps and enhance resilience
  • Maintain alignment between security policies, enterprise architecture principles, and client expectations
  • Conduct comprehensive risk assessments and threat modeling to evaluate existing or proposed architectures for vulnerabilities
  • Provide actionable mitigation strategies informed by a risk-based approach and evolving threat intelligence data
  • Participate in or support incident response initiatives, aiding in root cause analysis and the development of post-incident recommendations
  • Act as a trusted advisor to clients by engaging in technical discussions to inform strategic security decisions
  • Collaborate cross-functionally with development, operations, and engineering teams to validate that security controls are effectively implemented across the development lifecycle
  • Deliver technical insights in presentations, workshops, and reports tailored to both technical and executive audiences
What we offer
  • Smooth integration and a supportive mentor
  • Choose from Remote, Hybrid or Office work opportunities
  • Projects have different working hours to suit your needs
  • Sponsored certifications, trainings and top e-learning platforms
  • Private Health Insurance
  • Individual coaching sessions or accredited Coaching School
  • Epic parties or themed events

Senior Cloud Security Assurance

NTT DATA is one of the world's largest global security service providers, partne...
Location: Romania, Cluj
Salary: Not provided
Company: NTT DATA
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Information Security, Cybersecurity, or a relevant IT field (Master’s degree preferred)
  • Minimum 5-10 years experience in security architecture, compliance, and cloud security roles, working with frameworks such as ISO 27001, NIS/NIS2, or NIST CSF
  • Deep understanding of cloud security principles including management on AWS and GCP platforms
  • Familiarity with IAM, CASB, SIEM, and container security solutions
  • CISSP or SABSA certifications required
  • Cloud-specific certifications preferred (e.g., AWS Security Specialty, Azure Solutions Architect)
  • Direct experience working in government, military, or intelligence organizations advantageous
  • Must meet UK SC Clearance eligibility guidelines
  • Proven ability to collaborate across diverse technical teams, influencing senior stakeholders in an advisory capacity
  • Excellent communication and presentation skills for delivering complex technical concepts to non-specialist audiences
Job Responsibility
  • Translate business and compliance requirements into practical, well-documented security architecture designs using recognized frameworks (e.g., ISO 27001, NIST, CIS)
  • Develop, document, and maintain consistent secure architectural patterns with an emphasis on cloud security (AWS, GCP)
  • Implement threat-informed design principles, integrating zero trust architectures and defensive depth strategies to address security gaps and enhance resilience
  • Maintain alignment between security policies, enterprise architecture principles, and client expectations
  • Conduct comprehensive risk assessments and threat modeling to evaluate existing or proposed architectures for vulnerabilities
  • Provide actionable mitigation strategies informed by a risk-based approach and evolving threat intelligence data
  • Participate in or support incident response initiatives, aiding in root cause analysis and the development of post-incident recommendations
  • Act as a trusted advisor to clients by engaging in technical discussions to inform strategic security decisions
  • Collaborate cross-functionally with development, operations, and engineering teams to validate that security controls are effectively implemented across the development lifecycle
  • Deliver technical insights in presentations, workshops, and reports tailored to both technical and executive audiences
What we offer
  • Smooth integration and a supportive mentor
  • Pick your working style: choose from Remote, Hybrid or Office work opportunities
  • Projects have different working hours to suit your needs
  • Sponsored certifications, trainings and top e-learning platforms
  • Private Health Insurance
  • Individual coaching sessions or joining our accredited Coaching School
  • Epic parties or themed events

Senior Cloud Security Engineer

Our client has revolutionised the world of payments with their cutting-edge tech...
Location: United Kingdom, Greater London
Salary: 90000.00 - 120000.00 GBP / Year
Company: Broster Buchanan
Expiration Date: Until further notice
Requirements
  • You live on the Linux command line
  • Your current research and experience back up your opinionated views on security practices and tradeoffs, which you love to openly debate and willingly share
  • You’re sought after for your Kubernetes security expertise and have developed complex, heavily customised multi-cluster environments
  • Your security expertise extends to at least one public cloud, including essential security features and long-term security hardening practices
  • You appreciate building systems with good engineering practices and may have a background in software engineering at scale
  • You’re open to being a part of an on-call rota, ready to respond if we have a severe, platform-impacting security tooling failure or need second-line security incident response assistance
Job Responsibility
  • You will build and run defensive security controls for highly-available multi-cloud payment systems running the latest technology
  • You will understand current threats, exploitation paths and risk tradeoffs in order to advise engineering teams on beneficial security features as well as prioritise management of defensive controls
  • Fulltime