Security Incident Commander

Thrive
Summary
Join Thrive, a rapidly growing technology solutions provider, as an Incident Commander to lead critical security incident operations. This essential role involves directing and coordinating all activities and resources during security incidents, ensuring alignment across internal teams and with clients. You will act as the single point of accountability for high-severity incidents, driving containment, eradication, recovery, and client communication. The ideal candidate possesses technical fluency and strong executive presence to guide multi-team efforts under pressure. This leadership position requires proven incident response experience and a deep understanding of cybersecurity best practices. Thrive offers a work hard, play hard environment with opportunities for career growth and development.
Requirements
- Proven incident response experience with demonstrated leadership of cross-functional security teams
- Proven success commanding high-impact cybersecurity incidents in a fast-paced, customer-facing environment
- Strong understanding of attack lifecycle stages, investigative workflows, and containment best practices
- Deep knowledge of modern attacker tactics and incident frameworks (MITRE ATT&CK, Cyber Kill Chain, NIST 800-61)
- Excellent communication skills, with experience briefing clients, executives, and cross-disciplinary teams
- Familiarity with security tools (SIEM, EDR, forensic platforms), system/network architecture, incident response methodologies, and backup and disaster recovery plans
- Ability to multitask and make decisions quickly under pressure
Responsibilities
- Serve as the lead Incident Commander for complex or high-priority cybersecurity incidents, assuming control from initial scoping through post-incident review
- Act as the central coordination point across all parties engaged in security incidents
- Ensure that all internal actions are synchronized, prioritized, and in alignment with client needs and Thrive’s incident response methodology
- Set the operational tempo, assign task owners, and communicate timelines, dependencies, and roadblocks in real time
- Drive incident lifecycle management with a focus on containment, minimizing business disruption, and maintaining security assurance
- Maintain clear, structured communication with client stakeholders and Thrive leadership, including updates on threat actor behavior, system impact, business risk, and required decisions
- Lead conference bridges during incident response, ensuring everyone is aligned and progressing toward resolution
- Approve restoration plans, re-entry conditions, and sequencing to minimize risk of re-compromise
- Serve as the public face of Thrive during a cybersecurity crisis, guiding clients with authority and confidence through incident containment and recovery
- Provide real-time risk assessments and business impact updates to client executive teams, IT leads, and legal stakeholders
- Assist clients in coordination with cyber insurance or legal counsel when applicable
- Advocate for long-term maturity improvements post-incident, helping position Thrive as a trusted partner
- Continually enhance Thrive’s playbooks, escalation frameworks, and IR documentation based on lessons learned from real-world incidents
- Lead internal after-action reviews and root cause analysis meetings with technical teams and business units
- Partner with Security Engineering to validate detection coverage and response automation opportunities
- Conduct tabletop exercises with internal Thrive teams to test and improve readiness for various threat scenarios
- Promote a strong, communicative culture of shared accountability and post-incident learning across all Thrive teams
Preferred Qualifications
- Experience with MSSP coordination, including multi-tenant incident response and customer escalation management
- Familiarity with tools like SentinelOne, Microsoft 365 Defender, Fortinet, CrowdStrike, and similar platforms
- Experience integrating legal, compliance, or insurance considerations into incident decision-making
- GCIH – GIAC Certified Incident Handler
- GCFA – GIAC Certified Forensic Analyst
- GCFE – GIAC Certified Forensic Examiner
- CHFI – Computer Hacking Forensic Investigator
- CISSP, CISM, or other management-level security certifications are a plus