ABOUT US

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.

READY TO JOIN US?

At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don’t check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don’t let a checklist hold you back – we encourage you to apply.

ROLE SUMMARY

The Incident Commander is a senior level consultant, who leads the response to our customers’ major cybersecurity incidents, coordinating with customers, internal teams and partners to effect an expeditious and secure recovery of business operations.
This position requires up to 25% travel with possible extended assignments for large incidents.

WHAT YOU WILL DO

• 
  
  
  
• Serve as a trusted advisor and subject matter expert to customers and guide customers’ senior leadership through managing business impacts and risk mitigation associated with a cyber incident or data breach ensuring customer satisfaction

• Act as the incident commander in specific engagements and lead company remediation functions coordinating with IR and Threat Intelligence delivery teams to handle inquiries, briefings, and customer-facing status reports in a variety of formats.
• Develop incident response containment plans and remediation strategies; present strategic and tactical plans both orally and in written reports for customers and all involved third parties.
• Execute and enhance incident command and remediation workflows, ensuring that defined standards are suitable to support multiple IR service delivery teams for cyber incidents ranging from single system compromises, full network intrusions, and crisis events.
• Participate in customer outreach and service delivery checkpoint efforts for enterprise tier and incident management retainer customers.
• Participate in the technical peer review process for cyber incident response and threat hunting engagement deliverables.
• Coordinate with IR and Threat Intelligence delivery teams to handle inquiries, briefings, and customer-facing status reports in a variety of formats.
• Deliver Proactive/Readiness engagements and lead customers in the improvement of their cyber security programs.
• Be a champion of Incident Response and Advisory services through thought leadership, speaking opportunities, and industry events.