Senior Security Incident Commander

Command the highest severity and most complex security incidents across Uber and its subsidiaries, serving as the single accountable leader during active response.

Participate in an on-call rotation where you are expected to make real-time decisions with incomplete information, balancing speed, risk, and impact.

Act as the incident authority, not just a facilitator - forming hypotheses, setting strategy, and directing investigative focus.

Transition seamlessly between executive-level incident leadership and hands-on technical investigation, including log analysis, system interrogation, and root cause validation.

Serve as the primary interface to senior leadership during critical incidents, translating evolving technical realities into clear risk, impact, and decision frameworks.

Build and maintain strong working relationships with global engineering, infrastructure, legal, privacy, and operations teams to enable fast, coordinated response.

Conduct rigorous post-incident analysis in the spirit of an NTSB investigation - focused on systemic causes, contributing factors, and concrete prevention.

Mentor and develop other responders and incident leaders, raising the organization s ability to handle complex, time-critical security events.

Lead and materially contribute to initiatives that mature Uber's incident response program, including:

High-fidelity incident simulations and technical tabletop exercises

Threat-informed response planning and scenario development

'Left of boom' threat modeling to prevent incidents before they occur

Improvements to detection, containment, and response automation

Adoption of new investigative techniques and tooling, including AI-assisted workflows

5+ years in security operations, detection, or incident response roles at scale, with demonstrated ownership of ambiguous, large, complex, high-impact incidents.

Deep familiarity with modern attacker TTPs and how they manifest across logs, systems, networks, endpoints, and applications.

Strong technical investigation skills - comfortable working directly with logs, telemetry, and raw system data to validate hypotheses and determine root cause.

Experience briefing executives during active incidents, with the ability to clearly explain tradeoffs, risks, and recommended actions.

Experience designing or running technical incident simulations (tabletops, purple team exercises, or similar) that stress real-world response capabilities.

Experience building or leveraging AI-driven tooling to improve incident response posture, applying frontier technology to workflows such as triage, investigation, correlation, or decision support.

Demonstrated experience leading other responders through direct command during incidents and longer-term technical mentorship.

Strong bias for action and continuous improvement - uncomfortable with leaving with a shrug if things aren t right.

Experience responding to incidents in highly distributed, cloud-scale environments where blast radius and coordination complexity are significant.

Broad security domain knowledge (infrastructure, endpoint, product, identity, data) and the ability to reason across them during incidents.

Ability to script or code (Python, Go, or similar) to automate response tasks, prototype tooling, or close operational gaps.