We're Hiring: Principal Incident Response Investigator / Consultant - Remote - £85k
📍 UK-based | DV Clearance Required (or ability to attain)
💼 Consulting | Cyber Security | Digital Forensics | Incident Response
Are you ready to lead the front line in cyber defence?
We’re looking for a Principal Incident Response Investigator / Consultant to take the lead in high-stakes, high-impact engagements across government, critical national infrastructure, and private sector clients.
This is a senior, client-facing role for a seasoned professional who thrives under pressure, communicates with confidence, and brings deep technical expertise to the table.
💥 What You’ll Do
* Lead Complex Investigations: Own end-to-end incident response engagements — from triage and containment through to forensic analysis, recovery, and reporting.
* Take Command in Crisis: Act as incident commander for major breaches, guiding clients, coordinating stakeholders, and engaging with law enforcement when needed.
* Advise at the Highest Level: Deliver briefings to executives, boards, regulators, and legal teams in the heat of the moment.
* Apply Deep Forensics: Investigate across Windows, Linux, macOS, cloud, SaaS, and hybrid environments.
* Grow Our Capabilities: Develop playbooks, tools, and methodologies that raise the bar for incident response delivery.
* Mentor & Inspire: Coach junior investigators and contribute to internal knowledge sharing and external thought leadership.
🔐 What We're Looking For
* DV clearance (or the ability to obtain it) – this is essential.
* Extensive experience in incident response, forensics, or threat hunting, ideally in a consultancy or client-facing role.
* Proven track record of leading large-scale incidents — ransomware, insider threats, nation-state intrusions.
* Strong technical capabilities in forensic tooling, EDR/SIEM, scripting (Python, PowerShell, Bash), and cloud environments.
* Excellent communication skills and confidence engaging with both technical and executive audiences.
✅ Preferred Qualifications
* ChCSP – Incident Response (or willingness to attain).
* GIAC (GCFA, GCFE, GEIR, GREM, GNFA), CREST CRTIR, CISM, or CISSP certifications.
* Experience liaising with legal, regulatory, and insurance stakeholders during high-pressure incidents.
* Background in reverse engineering, threat intelligence, or TTP attribution.
* Public contributions to the security community (e.g. speaking, publishing, tooling).
🌟 What You’ll Get from Us
* Competitive salary, plus overtime and on-call allowances
* Dedicated research time
* Fully funded certifications
* The chance to lead response efforts on globally significant incidents
* Exposure to diverse clients and technologies, across sectors and industries
🔗 Join Us
This is more than a job — it's a mission-critical role at the sharp edge of cybersecurity. If you're ready to make a real impact and guide organisations through their most challenging moments, we want to hear from you.
Apply now or send your CV to C.burn@ltharper.com