Cybersecurity Major Incident Manager

United StatesFull-timePosted Jul 16, 2026
Make your mark at Comcast -- a Fortune 30 global media and technology company. From the connectivity and platforms we provide, to the content and experiences we create, we reach hundreds of millions of customers, viewers, and guests worldwide. Become part of our award-winning technology team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate, and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. Join us. You’ll do the best work of your career right here at Comcast. (In most cases, Comcast prefers to have employees on-site collaborating unless the team has been designated as virtual due to the nature of their work. If a position is listed with both office locations and virtual offerings, Comcast may be willing to consider candidates who live greater than 100 miles from the office for the remote option.)

Job Summary

The Cybersecurity Major Incident Manager leads incident management across a distributed, follow-the-sun operating model, with accountability for incident response support and coordination, post-incident governance, and continuous improvement to ensure consistent execution, disciplined closure, and measurable risk reduction.

Job Description

Key Responsibilities

  • Lead incident response support and coordination across regions, ensuring consistent execution, rapid response, and 24x7 operational coverage.
  • Build and maintain the CSOC IM operating model, including staffing, escalation paths, runbooks, and surge support for major incidents
  • Manage and develop a distributed team of Incident Coordinators and Incident Managers across regions
  • Establish follow-the-sun operating rhythms and seamless regional handoff processes.
  • Provide leadership and oversight for the integration of vulnerability management, threat monitoring, detection engineering, and critical security telemetry to ensure visibility, coverage, and operational readiness for newly acquired environments.
  • Drive cybersecurity operational maturity across newly integrated businesses, ensuring incident response processes, playbooks, governance, and continuous improvement activities align with enterprise standards and regulatory requirements.
  • Serve as a senior incident coordinator for high-severity incidents, ensuring alignment across technical teams, business stakeholders, Legal, Privacy, and Communications
  • Coordinate incident response activities, ensuring actions are tracked, prioritized, and executed in alignment with the Incident Response Plan
  • Own incident closure quality, ensuring root cause, remediation, evidence, and documentation are complete and audit-ready
  • Lead After-Action Reviews (AARs) and ensure structured, outcome-driven execution
  • Translate AAR outputs into prioritized Cybersecurity Action Plans (CAPs) with clear ownership and timelines
  • Provide clear, executive-ready updates and structured communication cadence to the teams
  • Partner with Legal to support appropriate post-incident oversight and review requirements
  • Assess operational gaps and drive improvements in processes, controls, and coordination
  • Define and track key metrics including MTTR, closure quality, CAP completion, and incident recurrence
  • Establish reporting on incident trends, operational performance, and readiness gaps
  • Ensure alignment with regulatory requirements and regional considerations (U.S. and U.K.)
  • Manage relationships with external incident response providers and partners
  • Lead, coach, and develop a high-performing global team while driving a culture of accountability and operational rigor

Qualifications

  • 7+ years of experience in cybersecurity operations, incident response support, or CSOC leadership
  • Proven experience leading global or distributed teams across multiple regions or time zones
  • Strong understanding of incident response lifecycle, coordination, and post-incident analysis (AAR/RCA)
  • Experience managing cross-functional teams during high-severity incidents
  • Strong communication and stakeholder management skills

Preferred Skills

  • Experience with incident management or workflow platforms
  • Familiarity with AAR frameworks and operational governance
  • Knowledge of U.S. and international regulatory environments
  • Experience operating in a 24x7 or follow-the-sun model

Skills

After Action Review, Cross-Functional Teamwork, Cybersecurity Operations, Executive Communications, Leadership, Major Incident Management, Stakeholder Management

We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality—to help support you physically, financially and emotionally through the big milestones and in your everyday life.


Please visit the benefits summary on our careers site for more details.

Education

Bachelor's Degree

While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.

Certifications (if applicable)

Relevant Work Experience

5-7 Years

Comcast is an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.

Want jobs like this matched to you?

Swoopd scores fresh postings against your résumé so you only see the matches that matter.

Get started free