Cyber Incident Response Lead

Trades Workforce Solutions

Greater London

Hybrid

GBP 80,000 - 100,000

Full time

Yesterday
Job summary

A leading cybersecurity recruitment firm is looking for a Cyber Incident Response Lead to enhance incident response capabilities across a major organization. This hands-on role requires a strong background in incident response and digital forensics, with responsibilities including leading investigations and performing both host and network forensics. Applicants must have SC eligibility and 5+ years of UK residency. The position is UK-wide, with one required trip to London each month.

Qualifications

  • 5+ years of experience in relevant Cybersecurity roles.
  • SC eligibility — must have lived in the UK for the last 5 years.
  • Strong technical understanding of modern attacker TTPs and the MITRE ATT&CK framework.

Responsibilities

  • Lead and conduct full incident response investigations.
  • Perform host forensics across various systems.
  • Carry out network forensics and analyze packet flows.
  • Use EDR platforms for threat hunting and evidence collection.
  • Produce clear incident reports and support cyber defense activities.

Skills

Incident Response
Digital Forensics
Threat Hunting
Networking
Communication

Education

Relevant certifications (GCFE, GCFA, GREM, CISSP, CISM)

Tools

Wireshark
CrowdStrike
Microsoft Defender
Velociraptor
X-Ways
Autopsy/FTK

Job description

Overview

Cyber Incident Response Lead (Contract)

6-month initial contract | January start | Inside IR35 | UK-wide (travel to London 1 day/month)

Must be SC eligible, 5+ years UK residency

We are recruiting for a Cyber Incident Response Lead to support a major organisation with their incident response capability. This is a hands-on technical role for someone who thrives in fast-moving investigations, can lead response activities end-to-end, and is confident working across complex environments.

You can be based anywhere in the UK, with one day per month required in London. Occasional travel to client sites may be required (rare).

Key Responsibilities
  • Lead and conduct full incident response investigations: triage, containment, eradication and recovery.
  • Perform host forensics across Windows, Linux, macOS and cloud workloads.
  • Carry out network forensics using tools such as Wireshark, analysing packet flows, IDS alerts and lateral movement indicators.
  • Use EDR platforms such as CrowdStrike, Microsoft Defender, Velociraptor (or similar) for threat hunting, evidence collection and response actions.
  • Perform forensic analysis using tools like X-Ways, Autopsy/FTK, and other digital forensics suites.
  • Use sandboxing and malware detonation environments to analyse suspicious files and behaviours.
  • Produce clear incident reports, contribute to lessons-learned reviews and improve IR playbooks.
  • Support proactive cyber defence activities such as table-top exercises, threat simulations, and readiness assessments.
What You’ll Bring
  • Strong background in Incident Response, Digital Forensics, Threat Hunting or SOC L3 roles.
  • Deep technical understanding of modern attacker TTPs and the MITRE ATT&CK framework.
  • Experience analysing evidence across endpoint, network and cloud environments.
  • Familiarity with SIEM/IDS/IPS tooling and scripting/automation to accelerate investigations.
  • Excellent communication and ability to work calmly in high-pressure situations.
  • Relevant certs desirable (not essential): GCFE, GCFA, GREM, CISSP, CISM, etc.
  • SC eligible — must have lived in the UK for the last 5 years.