CERT Incident Responder

Bolton

The CERT Incident Responder leads digital forensics and incident response (DFIR) readiness, advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real‑world threat actor tactics, techniques and procedures (TTPs).

Salary: £50,000 – £60,000 depending on experience

Dynamic (hybrid) working: Minimum 2 days per week on site due to workload classification

Security clearance: British Citizen or a dual UK national with British citizenship. All successful candidates will undergo HMG Basic Personnel Security Standard checks (BPSS).

• Company bonus: Up to £2,500 (based on company performance and will vary year to year)
• Pension: Maximum total (employer and employee) contribution of up to 14 %
• Paid overtime: Opportunity for paid overtime
• Flexi leave: Up to 15 additional days
• Flexible working: We welcome applicants looking for flexible working arrangements
• Enhanced parental leave: Offers up to 26 weeks for maternity, adoption and shared parental leave – enhancements available for paternity, neonatal leave and fertility testing and treatments
• Facilities: Fantastic site facilities including subsidised meals, free car parking and more
• Healthcare cash plan: The Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more.

• Lead DFIR activities, ensuring lab readiness, artefact management, and delivery of forensic objectives.
• Maintain and enhance forensic tools and environments (e.g., Magnet Axiom, Autopsy) to ensure operational capability.
• Conduct detailed forensic analysis, malware reverse engineering and cyber investigation of complex incidents.
• Ensure effective chain of custody, artefact preservation and evidence handling processes.
• Maintain accurate forensic documentation, incident playbooks and readiness rehearsal materials.
• Lead and execute tabletop exercises (TTEx) to test and improve incident response and forensic readiness.
• Perform network and endpoint investigations, including AV scans, incident remediation and validation of security alerts.
• Collaborate with IM/DEx and Security Operations to enhance incident reporting, alerting and notification services.
• Deputise for CERT responders during major incidents or third‑party attacks, coordinating with national and international partners (e.g., NCPC).
• Develop and maintain enterprise security documentation, including policies, standards, baselines, and playbooks.

• Identify root causes of security incidents and recommend sustainable mitigation strategies.
• Manage remediation and closure of security cases, ensuring timely implementation of corrective actions.
• Develop and maintain threat scenarios to validate detection and response across SOC, EDR, SIEM and XDR platforms.
• Translate threat intelligence into testable hypotheses and simulation exercises in collaboration with Threat Intelligence teams.
• Utilise adversarial emulation tools (Caldera, Atomic Red Team, AttackIQ, SCYTHE, Cobalt Strike, etc.) to replicate realistic attacker behaviours.
• Research and integrate emerging threats and TTPs into adversary emulation and validation methodologies.
• Produce detailed reporting and metrics on detection coverage, response performance and control effectiveness.
• Support the wider IM/DEx team by validating new or updated controls against advanced threat simulations.
• Support SOC operations with investigation, alert triage and lessons learned from adversarial validation and DFIR activities.
• Research and evaluate emerging security tools, technologies and methodologies; provide gap analysis and recommendations to influence investment.
• Deliver metrics, dashboards and reports demonstrating adversarial resilience and capability maturity.
• Contribute to small‑to‑medium cyber projects enhancing threat detection, emulation and response maturity.

• Demonstrable experience handling incidents such as:
• Ransomware containment and remediation
• Business email compromise investigations
• Cloud account takeover
• Insider threat events
• Large‑scale phishing attacks
• Leading incident response calls, advising leadership, and writing executive summaries

MBDA is a leading defence organisation. We are proud of the role we play in supporting the Armed Forces who protect our nations. We partner with governments to work together towards a common goal, defending our freedom.

We are proud of our employee‑led networks, including Gender Equality, Pride, Menopause Matters, Parents and Carers, Armed Forces, Ethnic Diversity, Neurodiversity, Disability and more.

We recognise that everyone is unique, and we encourage you to speak to us should you require any advice, support or adjustments throughout our recruitment process.