Job Title - Cyber security incident manager
SC cleared or eligible for clearance.
3-month rolling (likely 1 year)
Fully remote
Key Responsibilities
Incident Response & Management
* Lead and coordinate major cyber security incidents (e.g., ransomware, data breaches, phishing campaigns, insider threats).
* Serve as primary incident commander during high-severity events.
* Oversee triage, impact assessment, containment strategies, and remediation plans.
* Ensure timely escalation and communication to leadership and relevant stakeholders.
* Maintain accurate incident logs, timelines, and evidence for audits or legal processes.
Threat Analysis & Investigation
* Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners.
* Analyse attack vectors, exploits, and root causes.
* Guide forensic activity where required, ensuring evidence integrity.
Governance, Reporting & Continuous Improvement
* Produce detailed incident reports, executive summaries, and post-incident reviews.
* Track incident metrics, trends, and lessons learned to improve security posture.
* Drive improvements in incident response playbooks, processes, and tooling.
* Ensure incidents are handled in alignment with frameworks such as NIST.
Stakeholder & Vendor Coordination
* Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third-party partners.
* Support customer-facing communication where relevant (for MSSP or managed services environments).
* Manage relationships with external responders, MSSPs, and law enforcement as applicable.
Operational Readiness
* Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments.
* Ensure IR documentation is current, accessible, and aligned with business needs.
* Provide mentoring and support to junior analysts and incident responders.
Essential Skills & Experience
* Proven experience leading complex cyber security incidents in a mid-to-large enterprise or MSSP environment.
* Strong understanding of attack methodologies, malware behaviour, and adversary TTPs.
* Experience with SIEM, EDR, SOAR, threat intel platforms, and forensic tools.
* Deep knowledge of IR frameworks:
* Ability to make clear decisions under pressure and command multi-disciplinary response teams.
* Excellent communication skills, with the ability to convey technical detail to senior leadership.