Apply on Employer Site

Workday · 23 hours ago

Incident Coordinator/Cyber Incident Commander - US Federal

McLean, VA

Full-time

Hybrid

Senior Level

$139K/yr - $208K/yr

5+ years exp

Workday is a leading AI platform for managing people, money, and agents, committed to shaping the future of work. The Incident Coordinator/Cyber Incident Commander will serve as the central point of command for major cybersecurity incidents, leading the full incident lifecycle and ensuring compliance with federal government security requirements.

Artificial Intelligence (AI)Cloud ComputingEnterprise SoftwareHuman ResourcesSaaSSoftware

Comp. & Benefits

No H1B

U.S. Citizen Only

Responsibilities

Own all executive and customer communications

Ensure incident handling strictly adheres to compliance frameworks including FedRAMP, DoD IL4/IL5, and NIST 800-53

Support CISA/JAB/DISA/Customer notifications and customer evidence requests

Maintain IR playbooks, escalation paths, and communication templates

Direct cross-functional teams through triage, containment, eradication, and recovery

Validate evidence collection and maintain chain-of-custody as required

Provide accurate, timely status updates during ongoing or high-severity incidents

Communicate effectively with executives, legal, GRC, customer success, and partner teams

Act as primary Incident Commander, owning the incident bridge, assigning tasks, and ensuring rapid progression toward resolution

Produce official Incident Reports e.g. RCA, maintain IR playbooks, and lead post-incident reviews and readiness exercises to ensure continuous improvement

Systematically track incident metrics (MTTD, MTTR) and drive organizational adoption of best practices learned from incident reviews

Qualification

Incident responseCybersecurity operationsFedRAMP complianceNIST 800-53EDR experienceSIEM experienceCloud forensicsAWS/Azure/GCPCrisis leadershipRapid triageCross-cultural communicationIncident Commander experienceRelevant certificationsEmotional intelligenceMentoring

Required

5–10 years in incident response, SOC, cybersecurity operations, or SRE/DevOps, including demonstrated experience leading complex incidents in cloud/SaaS environments

Strong understanding of FedRAMP, DISA SRG, NIST 800-53 and IR best practices

Experience with EDR, SIEM, cloud forensics, and architectures (AWS/Azure/GCP, SaaS)

Exceptional communication, crisis leadership, rapid triage, and the ability to remain calm and decisive under pressure

Strong emotional intelligence and cross-cultural communication skills to manage diverse, high-stress teams