BRISTOL OR STEVENAGE - Sole British Citizen
We are seeking a proactive CERT Incident Responder to lead our Digital Forensics and Incident Response (DFIR) readiness and drive our Adversarial Exposure Validation (AEV) program. This role is a unique hybrid of defensive response and proactive testing, ensuring our detection controls are validated against real-world threat actor Tactics, Techniques, and Procedures (TTPs).
This is an ideal "next step" role for an experienced Cyber Analyst with a deep passion for high-stakes incident response, digital forensics, and threat mitigation.
Compensation & Logistics
Salary: £50,000 - £60,000 (depending on experience).
Working Pattern: Dynamic (hybrid) working; minimum 2 days per week on-site due to workload classification.
Security Clearance: Candidates must be a British Citizen or a Dual UK national with British citizenship. Successful candidates must undergo HMG Basic Personnel Security Standard (BPSS) checks as a minimum.
Key Responsibilities
Digital Forensics & Incident Response (DFIR)
Lead DFIR Activities: Ensure forensic lab readiness, manage artifact lifecycles, and deliver on complex forensic objectives.
Technical Analysis: Conduct detailed malware reverse engineering, forensic analysis, and deep-dive cyber investigations.
Tooling & Environments: Maintain and enhance forensic toolsets (e.g., Magnet Axiom, Autopsy) to ensure peak operational capability.
Readiness: Lead Tabletop Exercises (TTEx) and maintain incident playbooks, documentation, and evidence-handling (Chain of Custody) processes.
Operational Support: Perform endpoint and network investigations, including AV scans, remediation, and alert validation.
Adversarial Exposure Validation (AEV)
Red & Purple Teaming: Advance the organization's AEV by coordinating Red and Purple team activities to test control effectiveness.
Threat Simulation: Replicate realistic attacker behaviors using tools such as Caldera, Atomic Red Team, AttackIQ, SCYTHE, or Cobalt Strike.
Intelligence Integration: Translate threat intelligence into testable hypotheses and simulation exercises.
Continuous Improvement: Produce metrics on detection coverage and support SOC operations by implementing lessons learned from validation activities.
What We Are Looking For
Proven Incident Handling: Demonstrable experience managing Ransomware containment, Business Email Compromise (BEC), Cloud account takeovers, and Insider Threats.
Communication: Ability to lead incident response calls, advise senior leadership, and draft concise executive summaries.
Strategic Thinking: Ability to identify root causes and recommend sustainable, long-term mitigation strategies.
Project Mindset: Experience contributing to cyber projects that enhance threat detection and response maturity.
What We Offer
Financial Rewards: Annual company bonus (up to £2,500 based on performance) and opportunities for paid overtime.
Retirement: A generous pension scheme with total contributions (employer and employee) up to 14%.
Work-Life Balance: Flexi Leave (up to 15 additional days off per year) and flexible working arrangements.
Family Support: Enhanced parental leave (up to 26 weeks for maternity/adoption) plus support for neonatal care and fertility treatments.
Health & Perks: Healthcare Cash Plan (optical, dental, etc.), subsidised site facilities, and free car parking.