Lead response to major cybersecurity incidents, coordinating with teams and customers for secure recovery, while advising on risk management and incident strategies.
About Us
Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, and other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.
Role Summary
The IR Incident Commander is a senior-level consultant who leads the response to our customers' major cybersecurity incidents, coordinating with customers, internal teams and partners to effect an expeditious and secure recovery of business operations.
This position requires up to 25% travel with possible extended assignments for large incidents.
What You Will Do
- Serve as a trusted advisor and subject matter expert to customers and guide customers' senior leadership through managing business impacts and risk mitigation associated with a cyber incident or data breach, ensuring customer satisfaction.
- Act as the incident commander in specific engagements and lead company remediation functions coordinating with IR and Threat Intelligence delivery teams to handle inquiries, briefings, and customer-facing status reports in a variety of formats.
- Develop incident response containment plans and remediation strategies; present strategic and tactical plans both orally and in written reports for customers and all involved third parties.
- Execute and enhance incident command and remediation workflows, ensuring that defined standards are suitable to support multiple IR service delivery teams for cyber incidents ranging from single-system compromises to full network intrusions and crisis events.
- Participate in customer outreach and service delivery checkpoint efforts for enterprise tier and incident management retainer customers.
- Participate in the technical peer review process for cyber incident response and threat hunting engagement deliverables.
- Coordinate with IR and Threat Intelligence delivery teams to handle inquiries, briefings, and customer-facing status reports in a variety of formats.
- Deliver Proactive/Readiness engagements and lead customers in the improvement of their cyber security programs.
- Be a champion of Incident Response and Advisory services through thought leadership, speaking opportunities, and industry events.
What You Will Bring
- Ability to travel on short notice, up to 25%.
- 10+ years of experience in cybersecurity operations, with 3+ years leading incident response teams.
- Strong executive communication skills (oral and written), including experience briefing senior leadership and customers during high-pressure situations.
- Deep understanding of cyber threat actor tactics, techniques, and procedures (TTPs) with ability to design and deliver customized remediation plans.
- Project/program management experience (minimum 3 years) coordinating cross-functional technical teams.
- Bachelor’s degree in a technology or cybersecurity discipline, or 5+ years of equivalent documented experience in relevant roles.
- Professional certifications strongly preferred (e.g., CISSP, CISA, CISM, GCFE).
- Cybersecurity leadership background as a senior security executive or consulting leader in incident response.
- Military or law enforcement service with exposure to large-scale cybercrime cases or cyber defense operations.
- Direct experience managing and conducting IR investigations involving nation-state, organized crime, or hacktivist actors.
- Track record of mentoring and leading technical teams in high-stakes environments.
- Demonstrated success in building IR business and customer relationships.
- Knowledge of international data privacy regulations and cybersecurity compliance frameworks.
In the United States, the base salary for this role ranges from $173,000 to $288,000. In addition to base salary, we offer additional compensation including bonus eligibility and a comprehensive benefits package. A candidate’s specific pay within this range will depend on a variety of factors, including job-related skills, training, location, experience, relevant education, certifications, and other business and organizational needs.
Ready to Join Us?
At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they don't check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Don't let a checklist hold you back – we encourage you to apply.
What's Great About Sophos?
· Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. While we are a remote first organization, applicants must have legal authorization to work in the jurisdiction where the position is posted, without requiring employer sponsorship.
· Our people – we innovate and create, all of which are accompanied by a great sense of fun and team spirit
· Employee-led diversity and inclusion networks that build community and provide education and advocacy
· Annual charity and fundraising initiatives and volunteer days for employees to support local communities
· Global employee sustainability initiatives to reduce our environmental footprint
· Global fitness and trivia competitions to keep our bodies and minds sharp
· Global wellbeing days for employees to relax and recharge
· Monthly wellbeing webinars and training to support employee health and wellbeing
Our Commitment To You
We’re proud of the diverse and inclusive environment we have at Sophos, and we’re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know.
Data Protection
If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos’ data protection practices, please consult our Privacy Policy.
Top Skills
Cybersecurity
Sophos Burlington, Massachusetts, USA Office
3 Van de Graaff Drive, Burlington, MA, United States, 01803