Role Scope- Lead incidents as a senior incident commander in the on-call rotation, and serve as the escalation backstop when a case rises above the responders on call.
- Own the 24/7 coverage model, rotation discipline, and response SLAs for your US region, keeping the program humane and the bar high at the same time.
- Build and develop a team of senior incident responders, setting the on-call expectations and quality bar they operate to.
- Drive executive, legal, and customer communications during declared incidents, including regulated reporting and disclosure timelines.
- Own the joint operating relationship with Physical Security and Data Center Operations for incidents that cross cyber, physical, and OT surfaces.
- Run the post-incident review cadence and drive remediation to completion across detection, response, and infrastructure.
- Hold the bar on the agentic triage layer, defining what the agent escalates and feeding incident learnings back to detection engineering and threat intelligence.
What We're Looking ForThe below is a starting point. We always make space for exceptional people, so if you don't fit this role exactly, tell us where you would.- You've led material incidents end to end as a senior incident commander at organizations with sophisticated, well-resourced threat actors.
- You've managed and grown a team of senior responders while staying in the on-call rotation yourself.
- You've designed or run a 24/7 on-call program: coverage models, rotation discipline, acknowledgement and response SLAs, and escalation chains.
- You move between technical containment and executive, legal, or customer-facing communications during a declared incident without losing the thread.
- You've made disclosure-grade calls under regulatory and customer reporting clocks.
- You've built operating relationships across security, infrastructure, and physical or facilities teams, and led incidents that crossed those boundaries.
- You have well-founded opinions on what makes an on-call program humane and an incident response process effective, and you're ready to build one from a small senior core.
- Bonus: Incident response bridging cyber, physical, and OT or ICS surfaces. Experience at critical-infrastructure operators, data centers, or 24/7 high-availability environments. Standing up or scaling an IR team and on-call program from scratch. Operating under FedRAMP, SEC, or similar regulated incident-reporting regimes. Agent-augmented IR, including triage, investigation, or response automation.
Salary & Benefits- Competitive total compensation package (salary + equity)
- Retirement or pension plan, in line with local norms
- Health, dental, and vision insurance
- Generous PTO policy, in line with local norms
The base salary range for this position is $300,000 - $400,000 per year, depending on experience, skills, qualifications, and location. This range represents our good faith estimate of the compensation for this role at the time of posting. Total compensation may also include equity in the form of stock options.
We are committed to pay equity and transparency.