About the Role
As a Senior Security Incident Commander, you will be leading both the strategic and deeply technical aspects of the incident response process for critical-severity and large-scale incidents. You’ll blend the roles of Fire Captain, Air Traffic Controller, and NTSB Investigator - not only orchestrating the response with confidence under pressure, but also diving into technical investigations to ensure issues are understood and remediated at their root. You’ll leverage your in-depth knowledge of security tools, systems, and threat actor methodologies to bolster Uber’s security posture. In this role, you will also pioneer improvements to our incident response program, exploring cutting-edge technologies, novel detection and containment strategies, and advanced investigative techniques. As a leader in Engineering Security, you’ll set the technical standard for incident handling and continually elevate the craft of incident response across the organization.
What the Candidate Will Do
- Join an on-call rotation to lead security incident response teams for high-criticality cybersecurity incidents across Uber and its subsidiaries.
- Remain composed and technically effective under pressure, quickly pivoting between high-level strategic decisions and hands-on problem-solving.
- Serve as the primary point of contact throughout the incident lifecycle, including direct interaction with executives and cross-functional teams.
- Build strong partnerships with global teams to coordinate investigations, share technical insights, and respond effectively to incidents wherever they occur.
- Mentor and guide junior analysts, coaching them in advanced investigative methodologies and helping them develop deeper technical skills.
- Perform detailed root cause analysis, ensuring a rigorous technical understanding of incidents and creating actionable plans to prevent recurrence.
- Lead or contribute to projects that mature the incident response program, including IR tabletop exercises, real-time incident simulations, threat hunting, and compromise assessments, to drive continuous improvement in detection, response, and remediation capabilities.
Basic Qualifications
- 5+ years of experience in blue team functions (SOC, IR, detection) at a global company, with a proven ability to handle complex, large-scale incidents.
- Deep familiarity with common threat actor attack patterns and TTPs, as well as an understanding of how to detect and disrupt them.
- Demonstrated success in driving extremely complex and ambiguous security incidents to closure, including technical investigation and remediation.
- Experience presenting incident strategy to executives, translating technical findings into clear, actionable business insights.
- Hands-on technical aptitude, including proficiency in reading logs, comfortable command-line usage, and the ability to dive deep into system, network, or application data to pinpoint root causes.
- Experience planning and running incident simulations such as tabletop exercises, purple teaming, etc., with an emphasis on highly technical scenarios.
Preferred Qualifications
- Willingness and experience leading and mentoring others, both technically and procedurally.
- A strong sense of urgency and drive - always looking to improve detection, response, and remediation strategies.
- Prior experience in incident response at a large tech company, where scale and complexity were significant factors.
- Broad cybersecurity domain knowledge - including infrastructure security, endpoint security, product security, and data security - to contextualize incidents within the broader security ecosystem.
- Hands-on scripting and/or coding skills (Python, Go, or similar) to build custom tooling, automate workflows, and/or enhance response capabilities.
- Experience utilizing or integrating generative AI/ML technologies to streamline incident detection, triage, and remediation workflows.
For San Francisco, CA-based roles: The base salary range for this role is USD$180,000 per year - USD$200,000 per year.
For Seattle, WA-based roles: The base salary range for this role is USD$180,000 per year - USD$200,000 per year.
For Sunnyvale, CA-based roles: The base salary range for this role is USD$180,000 per year - USD$200,000 per year.