Lead Cybersecurity Incident Responder - IR, Cyber - London / Hybrid (some European travel)
Salary: Competitive
We are seeking a highly experienced cybersecurity professional with a strong background in incident response and advanced security operations.
- Extensive hands-on experience in Incident Response (IR), SOC, MSSP, CSIRT, or DFIR, with a proven ability to handle urgent and complex client incidents under pressure.
- A European language is beneficial but not required.
- Experience working in a 24/7 SOC environment, with a deep understanding of how SOC operations integrate with IR.
- Expert knowledge of technologies such as the Microsoft security stack, DFIR tooling, SIEM, Microsoft Defender/Sentinel, EDR platforms, timeline analysis, and cloud environments (Azure, AWS, or GCP).
- Exposure to penetration testing, including red team or purple team exercises, is advantageous.
- Ability to script or automate using Bash, Perl, Python, or PowerShell.
- Strong analytical mindset and familiarity with hypothesis-driven investigation methods.
- Confident understanding of compliance, legal requirements, and managing third-party vendor relationships.
- Solid working knowledge of the MITRE ATT&CK framework.
- Willingness to take part in on-call rotations.
As the Lead Cybersecurity Incident Responder, you will play a critical role in guiding clients through high-impact, time-sensitive security incidents.
- Conducting network, host, and forensic investigations, presenting clear and actionable findings to clients.
- Providing on-call emergency support and leading swift, effective response actions.
- Handling complex and sensitive IR engagements across a wide range of industries and technical environments.
- Acting as a trusted advisor, consulting directly with clients and collaborating with senior leadership.
- Producing detailed technical reports and executive-level summaries.
- Mentoring and supporting junior members of the team.