Cyber Incident Response Lead
Posted 6 hours 20 minutes ago by Trades Workforce Solutions
Permanent
Full Time
Other
London, United Kingdom
Job Description
Overview
Cyber Incident Response Lead (Contract)
6-month initial contract | January start | Inside IR35 | UK-wide (travel to London 1 day/month)
Must be SC eligible, 5+ years UK residency
We are recruiting for a Cyber Incident Response Lead to support a major organisation with their incident response capability. This is a hands-on technical role for someone who thrives in fast-moving investigations, can lead response activities end-to-end, and is confident working across complex environments.
You can be based anywhere in the UK, with one day per month required in London. Occasional travel to client sites may be required (rare).
Key Responsibilities
- Lead and conduct full incident response investigations: triage, containment, eradication and recovery.
- Perform host forensics across Windows, Linux, macOS and cloud workloads.
- Carry out network forensics using tools such as Wireshark, analysing packet flows, IDS alerts and lateral movement indicators.
- Use EDR platforms such as CrowdStrike, Microsoft Defender, Velociraptor (or similar) for threat hunting, evidence collection and response actions.
- Perform forensic analysis using tools like X-Ways, Autopsy/FTK, and other digital forensics suites.
- Use sandboxing and malware detonation environments to analyse suspicious files and behaviours.
- Produce clear incident reports, contribute to lessons-learned reviews and improve IR playbooks.
- Support proactive cyber defence activities such as table-top exercises, threat simulations, and readiness assessments.
Key Requirements
- Strong background in Incident Response, Digital Forensics, Threat Hunting or SOC L3 roles.
- Deep technical understanding of modern attacker TTPs and the MITRE ATT&CK framework.
- Experience analysing evidence across endpoint, network and cloud environments.
- Familiarity with SIEM/IDS/IPS tooling and scripting/automation to accelerate investigations.
- Excellent communication and ability to work calmly in high-pressure situations.
- Relevant certs desirable (not essential): GCFE, GCFA, GREM, CISSP, CISM, etc.
- SC eligible - must have lived in the UK for the last 5 years.