Proven incident response experience with leadership of cross-functional security teams. Strong understanding of attack lifecycle stages and containment best practices. Excellent communication skills for briefing clients and executives. Familiarity with security tools and incident response methodologies.
Key responsibilities:
Lead complex cybersecurity incidents from initial scoping to post-incident review.
Coordinate actions across all parties involved in security incidents.
Drive incident lifecycle management focusing on containment and minimizing disruption.
Communicate real-time updates to client stakeholders and Thrive leadership.
Thrive is a leading provider of NextGen managed services designed to drive business outcomes through application enablement and optimization. The company’s Thrive5 Methodology utilizes a unique combination of its Application Performance Platform and strategic services to ensure each business application takes advantage of technology that enables peak performance, scale, and security.
Hundreds of clients rely on Thrive to drive operational efficiencies, security compliance, high availability, and hardened reliability, both on-premise and in the Cloud. The company’s proven approach to managed services enables enterprises of all sizes to realize their goals, for today and tomorrow.
About Us
Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services. Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers. Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER. If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!!
Position Overview
Thrive is expanding its cybersecurity capabilities and is seeking a highly capable Incident Commander to lead critical security incident operations across our organization. This role is essential for directing and coordinating all activities and resources involved in a security incident, ensuring alignment across internal Thrive teams and with client stakeholders. The Incident Commander acts as the single point of accountability for the lifecycle of high-severity incidents—driving containment, eradication, recovery, and client communication with authority and clarity. This leader must possess both technical fluency and strong executive presence to guide multi-team efforts under pressure.
Primary Responsibilities
Serve as the lead Incident Commander for complex or high-priority cybersecurity incidents, assuming control from initial scoping through post-incident review.
Act as the central coordination point across all parties engaged in security incidents.
Ensure that all internal actions are synchronized, prioritized, and in alignment with client needs and Thrive’s incident response methodology.
Set the operational tempo, assign task owners, and communicate timelines, dependencies, and roadblocks in real-time.
Drive incident lifecycle management with a focus on containment, minimizing business disruption, and maintaining security assurance.
Maintain clear, structured communication with client stakeholders and Thrive leadership, including updates on threat actor behavior, system impact, business risk, and required decisions.
Lead conference bridges during incident response, ensuring everyone is aligned and progressing toward resolution.
Approve restoration plans, re-entry conditions, and sequencing to minimize risk of re-compromise.
Serve as the public face of Thrive during a cybersecurity crisis, guiding clients with authority and confidence through incident containment and recovery.
Provide real-time risk assessments and business impact updates to client executive teams, IT leads, and legal stakeholders.
Assist clients in coordination with cyber insurance or legal counsel when applicable.
Advocate for long-term maturity improvements post-incident, helping position Thrive as a trusted partner.
Continually enhance Thrive’s playbooks, escalation frameworks, and IR documentation based on lessons learned from real-world incidents.
Lead internal after-action reviews and root cause analysis meetings with technical teams and business units.
Partner with Security Engineering to validate detection coverage and response automation opportunities.
Conduct tabletop exercises with internal Thrive teams to test and improve readiness for various threat scenarios.
Promote a strong, communicative culture of shared accountability and post-incident learning across all Thrive teams.
Qualifications
Proven incident response experience with demonstrated leadership of cross-functional security teams.
Proven success commanding high-impact cybersecurity incidents in a fast-paced, customer-facing environment.
Strong understanding of attack lifecycle stages, investigative workflows, and containment best practices.
Deep knowledge of modern attacker tactics and incident frameworks (MITRE ATT&CK, Cyber Kill Chain, NIST 800-61).
Excellent communication skills, with experience briefing clients, executives, and cross-disciplinary teams.
Familiarity with security tools (SIEM, EDR, forensic platforms), system/network architecture, incident response methodologies, and backup and disaster recovery plans.
Ability to multitask and make decisions quickly under pressure.
Preferred Experience
Experience with MSSP coordination, including multi-tenant incident response and customer escalation management.
Familiarity with tools like SentinelOne, Microsoft 365 Defender, Fortinet, CrowdStrike, and similar platforms.
Experience integrating legal, compliance, or insurance considerations into incident decision-making.
Preferred Certifications
GCIH – GIAC Certified Incident Handler
GCFA – GIAC Certified Forensic Analyst
GCFE – GIAC Certified Forensic Examiner
CHFI – Computer Hacking Forensic Investigator
CISSP, CISM, or other management-level security certifications are a plus
Required profile
Spoken language(s):
English