Cybersecurity Incident Commander
Dormont Manufacturing Co
Employee Applicant Privacy Notice Who we are: Shape a brighter financial future with us. Together with our members, we’re changing the way people think about and interact with personal finance. We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world. The Role: We are seeking a Cybersecurity Incident Commander to join SoFi’s Cyber Defense program and lead incident command efforts across the organization. This role will serve as a central driver for security incident response, ensuring effective management of day-to-day incidents as well as large-scale, high-impact cybersecurity events. The SOC team is responsible for monitoring, analyzing, and responding to security events across SoFi’s infrastructure and applications. As a dedicated incident response resource within Cyber Defense, you will coordinate cross-functional response efforts, maintain incident command structure during active events, and ensure consistent communication, documentation, and resolution tracking. This is a highly visible role that partners closely with SOC Analysts, Threat Research, Offensive Security, Tools Automation & Operations (TAO), Engineering, IT, Legal, Risk, Executive team, and other stakeholders to drive timely containment, eradication, and recovery. The ideal candidate thrives in fast-paced environments, brings structure to ambiguity, has exceptional communication skills, and can effectively drive complex incidents from detection through post-incident review. What You’ll Do: Serve as the primary Security Incident Commander for security incidents identified by the SOC. Lead and manage the end-to-end lifecycle of security incidents, including triage validation, containment, eradication, recovery, and closure. Establish and maintain incident command during high-severity or large-scale incidents. Drive cross-functional collaboration and decision making across technical and business teams to ensure timely and effective response. Facilitate incident communication, coordinate response resources, and maintain clear situational awareness for all engaged. Ensure consistent documentation of incident timelines, impact assessments, decisions, evidence chain of custody, and actions taken. Develop and maintain incident severity classifications and escalation criteria that are aligned with organizational and business needs and expectations. Provide executive-ready status updates and summaries during major incidents. Coordinate post-incident reviews, including root cause analysis, lessons learned, and tracking of remediation actions. Identify and facilitate opportunities to improve incident response processes, playbooks, and communication workflows. Partner with SOC leadership to enhance incident metrics, reporting, and operational maturity. Organize and participate in tabletop exercises, simulations, and readiness activities to improve Cyber Defense and SOC response capabilities. What You’ll Need: 3–7+ years of experience in cybersecurity operations, incident response, or SOC environments. Direct experience coordinating or leading security incident response efforts in enterprise environments. Strong understanding of the incident response lifecycle and frameworks (e.g., NIST 800-61). Experience handling high‑severity incidents such as ransomware, business email compromise, insider threats, cloud compromise, or data exfiltration events. Ability to interpret technical findings and translate them into clear, actionable updates for both technical and non-technical stakeholders. Excellent written and verbal communication skills, especially in high-pressure situations. Strong organizational skills with the ability to manage multiple concurrent incidents. Experience facilitating cross-functional communication across various media channels and driving accountability during live incidents. Ability to operate independently while collaborating effectively across distributed teams. Nice to Have: Experience in a formal CSIRT or Incident Commander role. Working knowledge of security technologies such as SIEM, EDR, email security, IAM, cloud security controls, and network monitoring tools. Knowledge of regulatory and compliance considerations (e.g., financial services, PCI, SOX, GLBA). Experience directing or conducting digital forensics or deep technical investigations. Familiarity with cloud-native security incident response (AWS, GCP, or Azure). Exposure to MITRE ATT&CK framework and threat intelligence integration. Relevant certifications such as GCIA, GCIH, GCED, CISSP, CISM, or similar. Experience developing or maintaining incident response playbooks and runbooks. Compensation and Benefits The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location. To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page! SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law. The Company hires the best qualified candidate for the job, without regard to protected characteristics. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. New York applicants: Notice of Employee Rights SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email View email address on click.appcast.io. Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time. Internal Employees If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles. #J-18808-Ljbffr Dormont Manufacturing Co
- Dormont Manufacturing Co in Seattle is seeking a Cybersecurity Incident Commander to join our Cyber Defense program. You will be responsible for leading incident command efforts and ensuring the effective management of security incidents across the organization. This role...Suggested
$142.5k - $190k
JPMorgan Chase in Seattle is seeking a Technology Support Lead to provide critical support within the Cybersecurity Incident Management team. This role involves managing cybersecurity incidents, executing firm-wide strategies, and enhancing technological resilience. Ideal...Suggested- 100 Salesforce, Inc. in Seattle is seeking an Incident and Vulnerability Manager to lead incident response within the Cyber Security Operations Center. In this critical role, you will establish response strategies for high-risk cyber security events and work closely with...Suggested
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Cybersecurity Incident Commander. Be the first to apply!
- cyber security Seattle, WA
- IT cyber security Seattle, WA
- work from home cyber security Seattle, WA
- cyber security incident responder Seattle, WA
- cybersecurity software engineer Seattle, WA
- remote cyber security Seattle, WA
- senior cybersecurity engineer Seattle, WA
- cyber security sales Seattle, WA
- cyber security lead Seattle, WA
- entry level cyber security Seattle, WA
