We are seeking an Incident Commander to lead our response capabilities through a code-first lens. You are dedicated to minimizing impact and downtime by deploying automation and ensuring total observability across our environment. You will serve as an Incident Commander during critical Cybersecurity incidents, simultaneously building the integrations and tools that scale our ability to detect, respond, and recover. This role will be a hybrid opportunity in Atlanta, GA and will report to our Sr. Manager Cybersecurity.
Incident Command & Crisis Management: Act as the primary Incident Commander for critical cybersecurity events. You will drive technical bridges, manage cross-functional resources, and ensure clear communication streams to minimize business downtime.
Engineering Resilience: Pivot from reactive "fire-fighting" to proactive "fire-proofing." operationalize "Security as Code" by developing automation scripts and SOAR workflows to handle repetitive threats.
Observability & Detection: Enhance our threat detection capabilities by treating logs as data pipelines. Work with engineering teams to ensure our monitoring tools provide high-fidelity signals, not just noise.
Blameless Post-Mortems: Lead comprehensive After-Action Reviews (AARs) with a focus on root cause analysis. Translate findings into architectural improvements rather than policy patches.
Tooling & Integration: Bridge the gap between Security and DevOps. Build and refine integrations between our security stack (SIEM, EDR) and infrastructure tools (CI/CD, Cloud providers) to streamline response capabilities.
On-Call Rotation: Participate in a structured on-call rotation to provide critical command coverage outside of standard business hours, ensuring 24/7 operational continuity and rapid remediation.
5+ years of experience in product security, application security, or security architecture.
Command Presence: Proven ability to manage complex, high-stress incidents with clarity and authority. You can translate technical crises into business language for executive stakeholders.
Hybrid Background: Experience in Incident Response is critical, but we highly value candidates coming from DevOps, SRE, or Infrastructure Engineering backgrounds who want to apply their skills to Security.
Automation First Mindset: Proficiency in scripting (Python, Go, or PowerShell) and familiarity with automation platforms.
Cloud Fluency: Deep understanding of cloud-native infrastructure (AWS/GCP/Azure) and how to respond to incidents within containerized (Kubernetes/Docker) environments.
-
Frameworks: Deep understanding of incident handling lifecycles (NIST 800-61) and attacker TTPs (MITRE ATT&CK).