Cyber Incident Manager

Cyber Incident Manager

Location: UK (hybrid)

We’re looking for a Cyber Incident Manager who brings calm, speed, and precision to high‑stakes security events. At Analog Devices, you’ll play a central role in our end‑to‑end cyber incident response—protecting operations, safeguarding intellectual property, and upholding the trust our customers place in us. You will take command when it matters most. You’ll act as Incident Commander across the full lifecycle using ADI’s SANS‑based process and severity model, ensuring disciplined execution from detection to recovery.

You’ll lead cyber incidents, run the Incident Action Group (IAG), and drive rapid containment, recovery, and high‑quality post‑incident reviews. You’ll own clear communication, maintain legal privilege, ensure record‑keeping, and work closely with legal, engineering, and cross‑functional partners. Ultimately, you’ll raise our incident response maturity and strengthen resilience—fast and with lasting impact.

• Own incident communications: run executive updates and stakeholder calls per ADIs Comms & Escalation Matrix; produce concise executive summaries and impact assessments.
• Stand up and run the Incident Action Group (IAG); set strategy, assign work streams, and steer decisions at pace.
• Operate within the incident case management platform to ensure real‑time logging, status, actions and decisions are captured and auditable.
• Orchestrate SOC, IR retainer, legal and engineering to deliver containment, focused monitoring, and durable remediation.
• Operate to NIST‑aligned IR practices and ADI governance; align evidence and timelines to other applicable obligations (e.g., sectoral regulators).
• When appropriate, maintain legal privilege throughout investigations using ADI’s privilege guidance and approved channels.
• Partner with SOC and Threat Intel to apply MITRE ATT&CK mapping, enable proactive detection, and reduce dwell time.
• Drive post‑incident reviews (PIRs), root‑cause analysis and action plans; track MTTD/MTTR, severity distributions and regulatory timelines.
• Be a pivotal part of tabletops and simulations; evolve playbooks to reflect new tactics, cloud patterns and control gaps.

• 5+ years leading cyber incidents and complex intrusions (SOC/IR/major incident command) in global enterprise environments.
• Mastery of incident lifecycle execution (SANS six steps), evidence handling, and cross‑functional coordination.
• Strong grasp of SIEM/EDR (e.g., Microsoft Sentinel, Defender, Splunk) and cloud incident patterns (Azure/AWS).
• Clear, executive‑level communication—translating technical impact into business risk and decisions.

• GCIH, GCFA/GCFR, GCTI, CISSP, CCSP, CISM; UK CREST credentials welcome but not essential.

• Work with cutting‑edge security tools and technologies in a dynamic, innovative environment.
• Play a meaningful role in shaping and strengthening the security posture of a global enterprise.
• Competitive salary, benefits, and continuous professional development opportunities.
• A collaborative culture that values integrity, innovation, and work‑life balance.

For positions requiring access to technical data, Analog Devices, Inc. may have to obtain export licensing approval from the U.S. Department of Commerce - Bureau of Industry and Security and/or the U.S. Department of State - Directorate of Defense Trade Controls. As such, applicants for this position – except US Citizens, US Permanent Residents, and protected individuals as defined by 8 U.S.C. 1324b(a)(3) – may have to go through an export licensing review process.

Analog Devices is an equal opportunity employer. We foster a culture where everyone has an opportunity to succeed regardless of their race, color, religion, age, ancestry, national origin, social or ethnic origin, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, parental status, disability, medical condition, genetic information, military or veteran status, union membership, and political affiliation, or any other legally protected group.