Cyber Incident Response Lead - Inside IR35 - SC Cleared The Cyber Incident Response Lead Specialist will take ownership of incident readiness and response across a highly secure defence programme. Operating in a classified environment, the role leads the technical and procedural response to cyber incidents, ensuring rapid containment, investigation, and recovery while maintaining compliance with defence security standards. This is a hands-on leadership role, bridging SOC operations, engineering teams, and senior security stakeholders. Key Responsibilities Lead cyber incident response activities across classified environments Act as technical authority during live incidents, coordinating triage, containment, eradication and recovery Develop, test and maintain incident response playbooks and escalation paths Oversee forensic investigation activities and root cause analysis Coordinate post-incident reviews and lessons-learned exercises Interface with SOC, vulnerability, engineering and assurance teams to reduce recurrence risk Support cyber resilience testing, including tabletop and red-team scenarios Required Experience & Capability Proven experience leading cyber incident response within secure or regulated environments Strong knowledge of incident response frameworks (e.g. NIST 800-61 aligned approaches) Experience operating in classified, restricted or air-gapped networks Ability to lead under pressure and communicate clearly with technical and non-technical stakeholders Background working alongside SOC, threat intelligence or security engineering teams Security & Working Environment SC clearance required (minimum) Highly secure defence environment with classified systems Hybrid working: Reading site, 2-3 days per week Contract Summary Contract role, inside IR35, £500 - £550 Reading-based, hybrid working 2 - 3 days a week on site (expansible)