Security Incident Commander
Remote
Full Time
US - Security
Mid Level
About Us
Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!
Position Overview
Thrive is expanding its cybersecurity capabilities and is seeking a highly capable Incident Commander to lead critical security incident operations across our organization. This role is essential for directing and coordinating all activities and resources involved in a security incident, ensuring alignment across internal Thrive teams and with client stakeholders.
The Incident Commander acts as the single point of accountability for the lifecycle of high-severity incidents—driving containment, eradication, recovery, and client communication with authority and clarity. This leader must possess both technical fluency and strong executive presence to guide multi-team efforts under pressure.
Primary Responsibilities
- Serve as the lead Incident Commander for complex or high-priority cybersecurity incidents, assuming control from initial scoping through post-incident review.
- Act as the central coordination point across all parties engaged in security incidents.
- Ensure that all internal actions are synchronized, prioritized, and in alignment with client needs and Thrive’s incident response methodology.
- Set the operational tempo, assign task owners, and communicate timelines, dependencies, and roadblocks in real-time.
- Drive incident lifecycle management with a focus on containment, minimizing business disruption, and maintaining security assurance.
- Maintain clear, structured communication with client stakeholders and Thrive leadership, including updates on threat actor behavior, system impact, business risk, and required decisions.
- Lead conference bridges during incident response, ensuring everyone is aligned and progressing toward resolution.
- Approve restoration plans, re-entry conditions, and sequencing to minimize risk of re-compromise.
- Serve as the public face of Thrive during a cybersecurity crisis, guiding clients with authority and confidence through incident containment and recovery.
- Provide real-time risk assessments and business impact updates to client executive teams, IT leads, and legal stakeholders.
- Assist clients in coordination with cyber insurance or legal counsel when applicable.
- Advocate for long-term maturity improvements post-incident, helping position Thrive as a trusted partner.
- Continually enhance Thrive’s playbooks, escalation frameworks, and IR documentation based on lessons learned from real-world incidents.
- Lead internal after-action reviews and root cause analysis meetings with technical teams and business units.
- Partner with Security Engineering to validate detection coverage and response automation opportunities.
- Conduct tabletop exercises with internal Thrive teams to test and improve readiness for various threat scenarios.
- Promote a strong, communicative culture of shared accountability and post-incident learning across all Thrive teams.
Qualifications
- Proven incident response experience with demonstrated leadership of cross-functional security teams.
- Proven success commanding high-impact cybersecurity incidents in a fast-paced, customer-facing environment.
- Strong understanding of attack lifecycle stages, investigative workflows, and containment best practices.
- Deep knowledge of modern attacker tactics and incident frameworks (MITRE ATT&CK, Cyber Kill Chain, NIST 800-61).
- Excellent communication skills, with experience briefing clients, executives, and cross-disciplinary teams.
- Familiarity with security tools (SIEM, EDR, forensic platforms), system/network architecture, incident response methodologies, and backup and disaster recovery plans.
- Ability to multitask and make decisions quickly under pressure.
Preferred Experience
- Experience with MSSP coordination, including multi-tenant incident response and customer escalation management.
- Familiarity with tools like SentinelOne, Microsoft 365 Defender, Fortinet, CrowdStrike, and similar platforms.
- Experience integrating legal, compliance, or insurance considerations into incident decision-making.
Preferred Certifications
- GCIH – GIAC Certified Incident Handler
- GCFA – GIAC Certified Forensic Analyst
- GCFE – GIAC Certified Forensic Examiner
- CHFI – Computer Hacking Forensic Investigator
- CISSP, CISM, or other management-level security certifications are a plus