Senior Security Incident Commander
Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: Uber
Full Time position
Listed on 2026-02-21
Job specializations:
- IT/Tech: Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 180000 - 200000 USD Yearly
Job Description & How to Apply Below
About the Role
As a Senior Security Technologist, Incident Command, you are accountable for leading Uber’s most critical, complex, and high-impact security incidents end-to-end - from escalation to containment, recovery, and systemic remediation.
You operate at the intersection of Fire Captain, NTSB Investigator, and hands‑on technical practitioner. In the moment, you take command - setting strategy, assigning resources, and making high‑consequence decisions under pressure. After the smoke clears, you drive deep technical investigation and post‑incident analysis to ensure we understand not just what happened, but why it happened, and that meaningful, durable fixes are made.
This is not a passive coordination role. You are expected to be technically credible, decisive in ambiguity, and comfortable owning outcomes when there is no playbook. You will shape how Uber responds to security incidents at scale - raising the technical bar, building and modernising tooling and workflows, and influencing teams beyond Engineering Security.
What the Candidate Will Do
- Command the highest severity and most complex security incidents across Uber and its subsidiaries, serving as the single accountable leader during active response.
- Participate in an on‑call rotation where you are expected to make real‑time decisions with incomplete information, balancing speed, risk, and impact.
- Act as the incident authority, not just a facilitator - forming hypotheses, setting strategy, and directing investigative focus.
- Transition seamlessly between executive‑level incident leadership and hands‑on technical investigation, including log analysis, system interrogation, and root‑cause validation.
- Serve as the primary interface to senior leadership during critical incidents, translating evolving technical realities into clear risk, impact, and decision frameworks.
- Build and maintain strong working relationships with global engineering, infrastructure, legal, privacy, and operations teams to enable fast, coordinated response.
- Conduct rigorous post‑incident analysis in the spirit of an NTSB investigation - focused on systemic causes, contributing factors, and concrete prevention.
- Mentor and develop other responders and incident leaders, raising the organisation’s ability to handle complex, time‑critical security events.
- Lead and materially contribute to initiatives that mature Uber’s incident response program, including:
  - High‑fidelity incident simulations and technical tabletop exercises
  - Threat‑informed response planning and scenario development
  - ‘Left of boom’ threat modelling to prevent incidents before they occur
  - Improvements to detection, containment, and response automation
  - Adoption of new investigative techniques and tooling, including AI‑assisted workflows
Basic Qualifications
- 5+ years in security operations, detection, or incident response roles at scale, with demonstrated ownership of ambiguous, large, complex, high‑impact incidents.
- Deep familiarity with modern attacker TTPs and how they manifest across logs, systems, networks, endpoints, and applications.
- Strong technical investigation skills - comfortable working directly with logs, telemetry, and raw system data to validate hypotheses and determine root‑cause.
- Experience briefing executives during active incidents, with the ability to clearly explain trade‑offs, risks, and recommended actions.
- Experience designing or running technical incident simulations (table‑tops, purple team exercises, or similar) that stress real‑world response capabilities.
- Experience building or leveraging AI‑driven tooling to improve incident response posture, applying frontier technology to workflows such as triage, investigation, correlation, or decision support.
Preferred Qualifications
- Demonstrated experience leading other responders through direct command during incidents and longer‑term technical mentorship.
- Strong bias for action and continuous improvement - uncomfortable with leaving with a shrug if things aren’t right.
- Experience responding to incidents in highly distributed, cloud‑scale environments where blast radius and coordination complexity are significant.
- Broa…
Position Requirements: 10+ years work experience