Cyber Security Incident Responder
Job in Stevenage, Hertfordshire, SG1, England, UK
Listed on 2026-02-14
Listing for: Anson McCade
Part Time position
Job specializations:
- IT/Tech: Cybersecurity, Data Security
Job Description & How to Apply Below
We are seeking a proactive CERT Incident Responder to lead our Digital Forensics and Incident Response (DFIR) readiness and drive our Adversarial Exposure Validation (AEV) program. This role is a unique hybrid of defensive response and proactive testing, ensuring our detection controls are validated against real-world threat actor Tactics, Techniques, and Procedures (TTPs).
This is an ideal "next step" role for an experienced Cyber Analyst with a deep passion for high-stakes incident response, digital forensics, and threat mitigation.
Compensation & Logistics
- Working Pattern: Dynamic (hybrid) working; minimum 2 days per week on-site due to workload classification.
- Security Clearance: Candidates must be a British Citizen or a Dual UK national with British citizenship. Successful candidates must undergo HMG Basic Personnel Security Standard (BPSS) checks as a minimum.
- Lead DFIR Activities: Ensure forensic lab readiness, manage artifact life cycles, and deliver on complex forensic objectives.
- Technical Analysis: Conduct detailed malware reverse engineering, forensic analysis, and deep-dive cyber investigations.
- Tooling & Environments: Maintain and enhance forensic toolsets (e.g., Magnet Axiom, Autopsy) to ensure peak operational capability.
- Readiness: Lead Tabletop Exercises (TTEx) and maintain incident playbooks, documentation, and evidence-handling (Chain of Custody) processes.
- Operational Support: Perform endpoint and network investigations, including AV scans, remediation, and alert validation.
- Red & Purple Teaming: Advance the organization's AEV by coordinating Red and Purple team activities to test control effectiveness.
- Threat Simulation: Replicate realistic attacker behaviors using tools such as Caldera, Atomic Red Team, AttackIQ, SCYTHE, or Cobalt Strike.
- Intelligence Integration: Translate threat intelligence into testable hypotheses and simulation exercises.
- Continuous Improvement: Produce metrics on detection coverage and support SOC operations by implementing lessons learned from validation activities.
- Proven Incident Handling: Demonstrable experience managing Ransomware containment, Business Email Compromise (BEC), Cloud account takeovers, and Insider Threats.
- Communication: Ability to lead incident response calls, advise senior leadership, and draft concise executive summaries.
- Strategic Thinking: Ability to identify root causes and recommend sustainable, long-term mitigation strategies.
- Project Mindset: Experience contributing to cyber projects that enhance threat detection and response maturity.
- Financial Rewards: Annual company bonus (up to £2,500 based on performance) and opportunities for paid overtime.
- Retirement: A generous pension scheme with total contributions (employer and employee) up to 14%.
- Work-Life Balance: Flexi Leave (up to 15 additional days off per year) and flexible working arrangements.
- Family Support: Enhanced parental leave (up to 26 weeks for maternity/adoption) plus support for neonatal care and fertility treatments.
- Health & Perks: Healthcare Cash Plan (optical, dental etc.), subsidised site facilities, and free car parking.