Key Responsibilities
- End-to-End Incident Response Leadership: Lead high-severity security incidents from detection through recovery, including triage, containment, eradication, stakeholder coordination, and post-incident reporting.
- Stakeholder & Executive Engagement: Act as the primary point of contact during incident response engagements, working closely with executive and senior leadership to communicate incident scope, impact, and mitigation strategies clearly and effectively.
- Incident Response & Recovery Execution: Direct and oversee incident response and recovery activities across endpoint, network, and cloud environments, ensuring rapid containment and thorough remediation.
- Digital Forensics & Root Cause Analysis: Lead forensic investigations by analysing logs, memory, and forensic artefacts to determine initial access vectors, root cause, and end-to-end adversary timelines.
- Proactive Threat Detection & Hunting: Lead intelligence-led threat hunting and compromise assessments across diverse infrastructures to proactively identify hidden or persistent threats and incorporate findings into incident scoping and remediation plans.
- Strategy, Playbooks & Maturity Development: Develop, maintain, and continuously enhance incident response playbooks, detection logic, and hunting queries, aligning capabilities with the MITRE ATT&CK framework and industry best practices.
Requirements
Technical & Professional Experience
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent.
- Strong hands-on expertise across the full incident response lifecycle, including forensic principles and advanced malware behaviour
- Deep, platform-agnostic experience with DFIR, EDR, IR, SIEM, and cloud security tooling, with emphasis on investigative methodology and outcomes
- Expert-level ability to analyse operating system, network (e.g. firewall, proxy), and cloud telemetry for evidence collection and incident reconstruction
- Extensive knowledge of network protocols, modern adversary Tactics, Techniques, and Procedures (TTPs), and the MITRE ATT&CK framework
Certifications (Preferred)
- GCIH, GCFA, CHFI, or equivalent advanced Incident Response / DFIR certifications
Soft Skills & Leadership Attributes
- Strong analytical and detail-oriented problem-solving skills, with the ability to balance security response with client business requirements
- Proven ability to remain calm, decisive, and effective in high-pressure, high-impact incident scenarios
- Excellent verbal and written communication skills, essential for leading teams and managing senior stakeholder communications
- Self-driven and independent leader capable of driving large-scale incident response efforts with minimal supervision