SoFi
Financial Services
Cybersecurity Incident Commander
“Cybersecurity Incident Commander at SoFi. Skills: Incident Commander, Cyber Defense, Security incident response. Serve as primary Security Incident Commander. Lead end-to-end lifecycle of security incidents”
Industry & Context.
Bring structure to ambiguity; Root cause analysis
What They're Looking For.
Must Have
3–7+ years of experience in cybersecurity operations, incident response, or SOC environments
Direct experience coordinating or leading security incident response efforts in enterprise environments
Understanding of the incident response lifecycle and frameworks (e.g., NIST 800-61)
Experience handling high-severity incidents such as ransomware, business email compromise, insider threats, cloud compromise, or data exfiltration events
Ability to interpret technical findings and translate them into clear, actionable updates for both technical and non-technical stakeholders
Excellent written and verbal communication skills, especially in high-pressure situations
Organizational skills with the ability to manage multiple concurrent incidents
Experience facilitating cross-functional communication across various media channels and driving accountability during live incidents
Ability to operate independently while collaborating effectively across distributed teams
Nice to Have
Experience in a formal CSIRT or Incident Commander role
Working knowledge of security technologies such as SIEM, EDR, email security, IAM, cloud security controls, and network monitoring tools
Knowledge of regulatory and compliance considerations (e.g., financial services, PCI, SOX, GLBA)
Experience directing or conducting digital forensics or deep technical investigations
Familiarity with cloud-native security incident response (AWS, GCP, or Azure)
Exposure to MITRE ATT&CK framework and threat intelligence integration
Relevant certifications such as GCIA, GCIH, GCED, CISSP, CISM, or similar
Experience developing or maintaining incident response playbooks and runbooks
What You'll Do.
Serve as primary Security Incident Commander
Lead end-to-end lifecycle of security incidents
Establish and maintain incident command
Drive cross-functional collaboration
Facilitate incident communication
Ensure consistent documentation
Develop incident severity classifications
Provide executive status updates
Coordinate post-incident reviews
Improve incident response processes
Enhance incident metrics
Organize tabletop exercises
How You'll Work.
Team & Collaboration
Coordinate cross-functional response efforts; Partner closely with SOC Analysts, Threat Research, Offensive Security, Tools Automation & Operations (TAO), Engineering, IT, Legal, Risk, Executive team, and other stakeholders; Drive cross-functional collaboration and decision making across technical and business teams; Facilitate incident communication, coordinate response resources; Collaborate effectively across distributed teams
Communication Scope
Exceptional communication skills; Ability to interpret technical findings and translate them into clear, actionable updates for both technical and non-technical stakeholders; Excellent written and verbal communication skills, especially in high-pressure situations; Facilitate incident communication; Provide executive-ready status updates and summaries
Process & Methodology
Manage multiple concurrent incidents; Drive accountability during live incidents
Full Job Description
Who we are:
Shape a brighter financial future with us. Together with our members, we’re changing the way people think about and interact with personal finance. We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.

The Role:
We are seeking a Cybersecurity Incident Commander to join SoFi’s Cyber Defense program and lead incident command efforts across the organization. This role will serve as a central driver for security incident response, ensuring effective management of day-to-day incidents as well as large-scale, high-impact cybersecurity events. The SOC team is responsible for monitoring, analyzing, and responding to security events across SoFi’s infrastructure and applications. As a dedicated incident response resource within Cyber Defense, you will coordinate cross-functional response efforts, maintain incident command structure during active events, and ensure consistent communication, documentation, and resolution tracking. This is a highly visible role that partners closely with SOC Analysts, Threat Research, Offensive Security, Tools Automation & Operations (TAO), Engineering, IT, Legal, Risk, Executive team, and other stakeholders to drive timely containment, eradication, and recovery. The ideal candidate thrives in fast-paced environments, brings structure to ambiguity, has exceptional communication skills, and can effectively drive complex incidents from detection through post-incident review.

What You’ll Do:
Serve as the primary Security Incident Commander for security incidents identified by the SOC. Le