Job Description

• Lead high-severity security incidents from detection through recovery, including triage, containment, eradication, stakeholder coordination, and post-incident reporting.
• Act as the primary point of contact during incident response engagements, working closely with executive and senior leadership to communicate incident scope, impact, and mitigation strategies clearly and effectively.
• Direct and oversee incident response and recovery activities across endpoint, network, and cloud environments, ensuring rapid containment and thorough remediation.
• Lead forensic investigations by analysing logs, memory, and forensic artefacts to determine initial access vectors, root cause, and end-to-end adversary timelines.
• Lead intelligence-led threat hunting and compromise assessments across diverse infrastructures to proactively identify hidden or persistent threats and incorporate findings into incident scoping and remediation plans.
• Develop, maintain, and continuously enhance incident response playbooks, detection logic, and hunting queries, aligning capabilities with the MITRE ATT&CK® framework and industry best practices.

Job Requirements

• Bachelor Degree in Computer Science, Information Technology, Cybersecurity or equivalent.
• Strong hands-on expertise across the full incident response lifecycle, including forensic principles and advanced malware behaviour.
• Deep, platform-agnostic experience with DFIR, EDR, IR, SIEM, and cloud security tooling, with emphasis on investigative methodology and outcomes.
• Expert-level ability to analyse operating system, network (e.g. firewall, proxy), and cloud telemetry for evidence collection and incident reconstruction.
• Extensive knowledge of network protocols, modern adversary Tactics, Techniques, and Procedures (TTPs), and the MITRE ATT&CK® framework.
• GCIH, GCFA, CHFI, or equivalent advanced Incident Response / DFIR certifications holder is preferred.
• Strong analytical and detail-oriented problem-solving skills, with the ability to balance security response with client business requirements.
• Proven ability to remain calm, decisive, and effective in high-pressure, high-impact incident scenarios.
• Excellent verbal and written communication skills, essential for leading teams and managing senior stakeholder communications.
• Self-driven and independent leader capable of driving large-scale incident response efforts with minimal supervision.

Skills