top of page

Cyber Incident Response Team Lead

Job Type:



Bristol, UK


Bristol, UK


Cyber Security




Share Page

Start Date:



Identifi Global Resources

Job Ref:



My client, a key player in aerospace, defence and security, is searching for a candidate with excellent Incident Response skills to lead their Cyber Incident Response Team.

You would work within my clients Security Operations Centre, which is responsible for providing technical investigation of incidents, managing ongoing incidents and providing specialist services such as malware analysis, digital forensics and cyber response capability development.

What does the role involve?

You will be responsible for managing the day-to-day operations of the CIRT and its wider improvement strategies. You'll be responsible for continually improving the Incident Response capability and identifying new opportunities for growth market expansion.

A typical day includes managing the response to cyber security incidents raised by customers and internal security monitoring teams. You will get hands on when required to provide subject matter expertise for incident investigation & response activities.

You'll also have the opportunity to lead and contribute to consulting engagements, which might see you training our clients on-site in best practice for cyber response, conducting investigations, or supporting our cyber consulting team as a technical lead.

Typical responsibilities for this role will also include:

  • Leading the professional delivery of all Cyber Incident Response and Digital Investigation services

  • Developing threat intelligence capabilities and strategies in conjunction with other operational teams and customers

  • Advising clients on how to best respond to any given incident, and on how to best implement mitigation measures which might prevent or limit future incidents.

  • Authoring and reviewing customer Cyber Incident Response Plans

  • Leading threat hunting programmes across available security devices and through operating system native or custom tooling

  • Managing a small team of technical specialists and supporting their professional development through coaching, training, and performance reviews

Who are we looking for?

You’ll need up-to-date knowledge of the digital forensics, incident response, & cyber security markets. Furthermore, you need to be eligible for SC Clearance. My client are looking for some of the following qualities:

  • Excellent knowledge of Cyber Security Incident Response processes and procedures with real-world application

  • Excellent knowledge of host-based investigations including digital forensic principles and practices

  • Excellent knowledge of how malware works and some experience in tearing it apart

  • Good experience in packet-level analysis, firewall and hypervisor administration, network appliance log analysis, and management of network intrusion detection and prevention systems

Why apply?

My client offers fantastic opportunities for learning, development & professional growth. As a team, they dedicate time to research projects & encourage our specialists to get involved in the InfoSec community in Bristol & beyond.

  • They will seek to support you and encourage you to fulfil your potential through:

  • Flex-leave schemes: We offer our employees the time & flexibility they need to enjoy a balanced life

  • Supportive relocation package: If you're not local already, we can make arrangements to get help you move to the area.

  • Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution

  • Annual leave: We offer 25 days holiday plus 8 bank holidays

  • Employee discount schemes: We offer you and your family an attractive range of discounts from retail and cinema to hotel bookings and vehicles benefits

  • Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace

  • Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities & vouchers

  • Community Engagements: We support contributing to information security community events & conferences

For more information or to have a confidential conversation about this opportunity please contact Thom Taylor on or 01908 030131.

bottom of page