BRISTOL OR STEVENAGE - Sole British Citizen

We are seeking a proactive CERT Incident Responder to lead our Digital Forensics and Incident Response (DFIR) readiness and drive our Adversarial Exposure Validation (AEV) program. This role is a unique hybrid of defensive response and proactive testing, ensuring our detection controls are validated against real-world threat actor Tactics, Techniques, and Procedures (TTPs). This is an ideal "next step" role for an experienced Cyber Analyst with a deep passion for high-stakes incident response, digital forensics, and threat mitigation.

Compensation & Logistics

- Salary: £50,000 - £60,000 (depending on experience).
- Working Pattern: Dynamic (hybrid) working; minimum 2 days per week on-site due to workload classification.
- Security Clearance: Candidates must be a British Citizen or a Dual UK national with British citizenship. Successful candidates must undergo HMG Basic Personnel Security Standard (BPSS) checks as a minimum.

Key Responsibilities

Digital Forensics & Incident Response (DFIR)

- Lead DFIR Activities: Ensure forensic lab readiness, manage artifact lifecycles, and deliver on complex forensic objectives.
- Technical Analysis: Conduct detailed malware reverse engineering, forensic analysis, and deep-dive cyber investigations.
- Tooling & Environments: Maintain and enhance forensic toolsets (e.g., Magnet Axiom, Autopsy) to ensure peak operational capability.
- Readiness: Lead Tabletop Exercises (TTEx) and maintain incident playbooks, documentation, and evidence-handling (Chain of Custody) processes.
- Operational Support: Perform endpoint and network investigations, including AV scans, remediation, and alert validation.

Adversarial Exposure Validation (AEV)

- Red & Purple Teaming: Advance the organization's AEV program by coordinating Red and Purple team activities to test control effectiveness.
- Threat Simulation: Replicate realistic attacker behaviours using tools such as Caldera, Atomic Red Team, AttackIQ, SCYTHE, or Cobalt Strike.
- Intelligence Integration: Translate threat intelligence into testable hypotheses and simulation exercises.
- Continuous Improvement: Produce metrics on detection coverage and support SOC operations by implementing lessons learned from validation activities.

What We Are Looking For

- Proven Incident Handling: Demonstrable experience managing ransomware containment, Business Email Compromise (BEC), cloud account takeovers, and insider threats.
- Communication: Ability to lead incident response calls, advise senior leadership, and draft concise executive summaries.
- Strategic Thinking: Ability to identify root causes and recommend sustainable, long-term mitigation strategies.
- Project Mindset: Experience contributing to cyber projects that enhance threat detection and response maturity.

What We Offer

- Financial Rewards: Annual company bonus (up to £2,500 based on performance) and opportunities for paid overtime.
- Retirement: A generous pension scheme with total contributions (employer and employee) up to 14%.
- Work-Life Balance: Flexi Leave (up to 15 additional days off per year) and flexible working arrangements.
- Family Support: Enhanced parental leave (up to 26 weeks for maternity/adoption) plus support for neonatal care and fertility treatments.
- Health & Perks: Healthcare Cash Plan (optical, dental, etc.), subsidised site facilities, and free car parking.