We're looking for a highly technical Cyber Incident Responder to join a specialist incident response capability on a contract and/or permanent basis.
This role is hands-on and front-line. You'll be involved from the moment an incident breaks: securing the environment, understanding what happened, containing the threat, and ensuring the organisation is safe to move forward.
Location & Travel
London office: minimum 1 day per month
Occasional client site visits may be required (realistically rare, but you must be comfortable with this)
What you'll be doing
Leading and supporting live cyber incident response activities
Rapid containment, investigation, and eradication of threats
Performing deep technical analysis across endpoints, networks, and cloud environments
Conducting forensic investigations and root cause analysis
Advising stakeholders during high-pressure incidents
Supporting post-incident reviews and recovery activities
Working as part of a senior, trusted response team during critical events
What we're looking for
Strong, hands-on technical background in Cyber Incident Response
Proven experience responding to real-world security incidents
Deep knowledge of:
Network and host-based forensics
Windows and/or Linux environments
Cloud platforms (AWS, Azure, GCP)
Malware analysis (tool-agnostic)
Ability to operate calmly and decisively during major incidents
Comfortable engaging with senior technical and non-technical stakeholders
Experience leading or heavily contributing to incident response efforts
Security Requirements
Must be SC eligible (or already hold SC clearance)
Nice to have
Industry certifications (e.g. GCIH, GCFA, GCFE, CISSP, CISM or similar)
Experience with on-call or high-severity incident rotations
Contract Details
Contract role (6 months, with a view to extend) / option for perm
Competitive day rate
Long-term potential depending on delivery and demand (work with high-profile clients, including government departments and FTSE 100 organisations)
If you're a true incident responder who enjoys being at the sharp end of cyber security, get in touch.