Key Responsibilities
Lead and coordinate the organisation's response to security incidents from detection through containment, eradication, recovery, and closure
Act as the incident commander during security incidents, leading incident bridge calls, war rooms, and stakeholder updates
Coordinate and oversee forensic investigations, including evidence preservation, scoping, and investigative workflows
Ensure proper forensic handling, chain of custody, and documentation during incidents
Work with internal teams, the outsourced SOC, and external forensic providers to support root cause analysis and impact assessment
Maintain close alignment with the SOC provider to ensure timely alert escalation, investigation, and response actions
Review forensic findings, timelines, and reports to validate accuracy and completeness
Coordinate with infrastructure, cloud, application, IT, and security teams to support investigation and remediation activities
Track incident actions, decisions, owners, and timelines to ensure accountability and timely closure
Ensure timely and accurate communication to leadership, legal, compliance, and other stakeholders during incidents
Lead post-incident reviews and lessons learned, driving corrective and preventive actions
Maintain and improve incident response and forensic investigation playbooks and procedures
Support incident response testing, tabletop exercises, and readiness activities
Required Qualifications
Experience in incident response, digital forensics, security operations, or SOC environments
Strong technical understanding of security incidents and forensic investigations across:
Network environments
AWS or other cloud platforms
Linux and Windows operating systems
Knowledge of forensic principles, evidence handling, and investigation methodologies
Experience coordinating cross-functional technical teams during high-pressure incidents
Strong leadership, communication, and stakeholder management skills
Ability to make sound technical and business decisions during live incidents
Preferred Qualifications
Previous experience as a SOC Analyst or DFIR professional transitioning into a management role
Experience managing outsourced SOC or forensic service providers
Familiarity with forensic and incident response tools (e.g., SIEM, EDR, forensic analysis platforms)
Experience supporting regulatory, legal, or breach notification processes