Sophos

Principal Incident Response Engineer 1

Sophos, Washington, District of Columbia, US, 20022

The IR Incident Commander is a senior-level consultant who leads the response to our customers' major cybersecurity incidents, coordinating with customers, internal teams and partners to effect an expeditious and secure recovery of business operations. This position requires up to 25% travel with possible extended assignments for large incidents.

What You Will Do:

- Serve as a trusted advisor and subject matter expert to customers and guide customers' senior leadership through managing business impacts and risk mitigation associated with a cyber incident or data breach, ensuring customer satisfaction.
- Act as the incident commander in specific engagements and lead company remediation functions, coordinating with IR and Threat Intelligence delivery teams to handle inquiries, briefings, and customer-facing status reports in a variety of formats.
- Develop incident response containment plans and remediation strategies; present strategic and tactical plans both orally and in written reports for customers and all involved third parties.
- Execute and enhance incident command and remediation workflows, ensuring that defined standards are suitable to support multiple IR service delivery teams for cyber incidents ranging from single-system compromises to full network intrusions and crisis events.
- Participate in customer outreach and service delivery checkpoint efforts for enterprise tier and incident management retainer customers.
- Participate in the technical peer review process for cyber incident response and threat hunting engagement deliverables.
- Coordinate with IR and Threat Intelligence delivery teams to handle inquiries, briefings, and customer-facing status reports in a variety of formats.
- Deliver Proactive/Readiness engagements and lead customers in the improvement of their cyber security programs.
- Be a champion of Incident Response and Advisory services through thought leadership, speaking opportunities, and industry events.

What You Will Bring:

- Ability to travel on short notice, up to 25%.
- 10+ years of experience in cybersecurity operations, with 3+ years leading incident response teams.
- Strong executive communication skills (oral and written), including experience briefing senior leadership and customers during high-pressure situations.
- Deep understanding of cyber threat actor tactics, techniques, and procedures (TTPs) with ability to design and deliver customized remediation plans.
- Project/program management experience (minimum 3 years) coordinating cross-functional technical teams.
- Bachelor's degree in a technology or cybersecurity discipline, or 5+ years of equivalent documented experience in relevant roles.
- Professional certifications strongly preferred (e.g., CISSP, CISA, CISM, GCFE).
- Cybersecurity leadership background as a senior security executive or consulting leader in incident response.
- Military or law enforcement service with exposure to large-scale cybercrime cases or cyber defense operations.
- Direct experience managing and conducting IR investigations involving nation-state, organized crime, or hacktivist actors.
- Track record of mentoring and leading technical teams in high-stakes environments.
- Demonstrated success in building IR business and customer relationships.
- Knowledge of international data privacy regulations and cybersecurity compliance frameworks.

In the United States, the base salary for this role ranges from $173,000 to $288,000. In addition to base salary, we offer additional compensation including bonus eligibility and a comprehensive benefits package. A candidate's specific pay within this range will depend on a variety of factors, including job-related skills, training, location, experience, relevant education, certifications, and other business and organizational needs.