Cyber Technical Incident Response

Trades Workforce Solutions

Greater London, Manchester

Hybrid

GBP 60,000 - 90,000

Full time

Yesterday

Job summary

A leading cybersecurity firm in the UK is seeking Cyber Incident Response Consultants/Managers to investigate advanced threats and deliver containment. Candidates should have proven experience in incident response and digital forensics, with strong knowledge of modern attack techniques. This hybrid role involves working with enterprise clients and offers training opportunities. Applicants should have relevant certifications and be eligible for SC clearance. Flexibility to work from various locations in the UK is available.

Benefits

World-class training and professional development
Access to advanced technical certifications

Qualifications

  • Proven experience in Incident Response, Digital Forensics, or Threat Hunting.
  • Strong technical understanding of Windows, Linux, and cloud environments.
  • Knowledge of modern attack techniques, malware behaviours, and adversary TTPs.
  • Exposure to SIEM/IDS/IPS technologies, with scripting or automation experience.
  • Excellent communication and client-facing skills.
  • SC clearance or eligibility (must have lived in the UK for 5+ years).

Responsibilities

  • Lead and support end-to-end incident response investigations.
  • Conduct digital forensics on endpoints, servers, and cloud environments.
  • Perform network forensics using tools like Wireshark.
  • Utilise EDR platforms for threat hunting and containment.
  • Apply forensic analysis tools for investigation.
  • Develop incident playbooks and contribute to detection improvements.

Skills

Incident Response
Digital Forensics
Threat Hunting
Communication Skills

Education

CISSP
GCFE
GCFA
GREM
CISM
Equivalent hands-on experience

Tools

CrowdStrike
Microsoft Defender
Velociraptor
Wireshark
X-Ways
Autopsy (FTK)

Job description

Cyber Incident Response

(Senior Consultant & Manager Levels)

Are you passionate about Cyber Security, Digital Forensics, and Incident Response?

We’re looking for Cyber Incident Response Consultants / Managers to join a growing global cyber practice, working across major enterprise clients and government‑grade environments.

This is a hands‑on, fast‑paced role where you’ll investigate advanced threats, deliver containment and remediation, and help organisations build resilience through forensic‑led analysis and proactive defence.

Key Responsibilities

  • Lead and support end‑to‑end incident response investigations, from detection through to containment and recovery.
  • Conduct digital forensics on endpoints, servers, and cloud environments to uncover attack vectors and root cause.
  • Perform network forensics using tools like Wireshark, analysing packet data and IDS alerts to trace malicious activity.
  • Utilise EDR platforms such as CrowdStrike, Microsoft Defender, and Velociraptor for threat hunting and containment.
  • Apply forensic analysis tools such as X-Ways, Autopsy (FTK), and other industry‑standard platforms.
  • Use sandboxing technologies and malware analysis environments to investigate and detonate suspicious files safely.
  • Develop and refine incident playbooks, drive post-incident reviews, and contribute to detection and response improvements.
  • Participate in proactive threat simulations, war‑gaming, and readiness assessments to enhance client capabilities.

What We’re Looking For

  • Proven experience in Incident Response, Digital Forensics, or Threat Hunting.
  • Strong technical understanding of Windows, Linux, and cloud environments.
  • Knowledge of modern attack techniques, malware behaviours, and adversary TTPs (MITRE ATT&CK).
  • Exposure to SIEM/IDS/IPS technologies, and scripting or automation for investigation workflows.
  • Excellent communication and client‑facing skills, with the ability to work calmly under pressure.
  • Relevant certifications desirable: CISSP, GCFE, GCFA, GREM, CISM, or equivalent hands‑on experience.
  • SC clearance or eligibility (must have lived in the UK for 5+ years).
  • Ability to travel occasionally to client sites as needed.

Why apply?

You’ll be part of a renowned global Cyber practice with access to world‑class training and professional development, including SANS and advanced technical certifications.

This is a hybrid role, typically involving one day per week or every few weeks in an office, with flexibility to travel for high‑impact client work when required.

If you thrive in fast‑moving environments, enjoy tackling real‑world cyber threats, and want to work with some of the best minds in Cyber Defence, we’d love to hear from you!

The role is ideally based in either Manchester or London; however, it may be possible to do this role from anywhere in the UK, as there are lots of other offices. Please get in touch for more information!
