Lead Cyber Incident Commander (Hybrid)

Position Compensation Range:

Pay Rate Type:

Compensation may vary based on the job level and your geographic work location. Relocation support is offered for eligible candidates.

Primary Accountabilities:

• Lead and coordinate all phases of critical cybersecurity incident response-detection, triage, containment, eradication, and recovery.
• Serve as the primary escalation point, ensuring clear communication among technical teams, executives, and business stakeholders.
• Facilitate incident bridges, manage war rooms, and document actions in real time.
• Oversee incident classification, prioritization, and escalation per established policies.
• Collaborate with IT, Legal, Compliance, Communications, and other teams for unified response.
• Deliver incident status updates and executive summaries to senior leadership.
• Conduct post-incident reviews, root cause analysis, and drive remediation and process improvements.
• Maintain and enhance incident response playbooks, runbooks, and communication templates.
• Mentor and train responders and stakeholders on best practices.
• Stay current on emerging threats, attack techniques, and regulatory requirements.

Specialized Knowledge & Skills Requirements

• Demonstrated experience providing customer-driven solutions, support or service.
• Solid knowledge and understanding of software engineering architectures, system/software designs, and system deployments.
• Working knowledge and of Cyber Security, Cyber Engineering, Computer Science, Software Engineering, Electrical / Computer Engineering.
• Extensive knowledge and understanding of security technologies and application development methodologies.
• Demonstrated experience performing cyber threat analysis, incident response, forensics analysis, penetration testing, and ethical hacking.
• Extensive knowledge and understanding of directory services and identity stores.

Preferred Qualifications

• Experience directing high-impact cyber incident response efforts in large enterprise (1000+).
• 7-10+ years of progressive experience in cybersecurity, with at least 5 years in incident response or security operations leadership roles.
• Demonstrated ability to communicate complex technical information clearly to executives, business stakeholders, and technical teams.
• Experience leading after-action reviews, and continuous improvement programs.
• Knowledge of incident management frameworks and methodologies (NIST 800-61, ISO 27035, SANS).
• Hands-on expertise with SIEM, EDR/XDR, threat intelligence, and forensic tools.
• Industry-recognized certifications include CISSP, CISM, GCIH, GCIM, GCFA, or equivalent.
• Familiarity with compliance and regulatory obligations (e.g., GDPR, HIPAA, PCI-DSS, SOX).
• Collaborating effectively with cross-functional stakeholders, third-party vendors, and government or law enforcement agencies.
• Bachelor's or master's degree in Cybersecurity, Computer Science, Information Technology, or a related field.

• Offer to selected candidate will be made contingent on the results of applicable background checks

• Offer to selected candidate is contingent on signing a non-disclosure agreement for proprietary information, trade secrets, and inventions

• Sponsorship will not be considered for this position unless specified in the posting

In this hybrid role you will be expected to work a minimum of 10 days per month out of the Boston, MA office (02210).

This role is not open to sponsorship.

We provide benefits that support your physical, emotional, and financial wellbeing. You will have access to comprehensive medical, dental, vision and wellbeing benefits that enable you to take care of your health. We also offer a competitive 401(k) contribution, a pension plan, an annual incentive, 9 paid holidays and a paid time off program (23 days accrued annually for full-time employees). In addition, our student loan repayment program and paid-family leave are available to support our employees and their families. Interns and contingent workers are not eligible for American Family Insurance Group benefits.

We are an equal opportunity employer. It is our policy to comply with all applicable federal, state and local laws pertaining to non-discrimination, non-harassment and equal opportunity. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

American Family Insurance is committed to the full inclusion of all qualified individuals. If a reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please email AskHR@AmFam.com to request a reasonable accommodation.