Incident Response Manager

Job Description

The Role:

Our client is looking to hire an Incident Manager, to support their newly built SOC within one of their HMG clients. Working closely with the client and the wider group, you’ll help to identify and understand emerging threats and build the new incident response and incident management capabilities to support our mission to protect our client's estate and data.

As a strong communicator, you’ll partner with multiple stakeholders across the cybersecurity space to provide efficient incident response and remediation guidance to minimise the impact of cyber-attacks. The incident manager will oversee cyber incident coordination through a defined process which you will play an integral part in developing. You will provide guidance and governance for incident response containment, eradication, and remediation activities delivered through 3rd party providers. The role requires a good understanding of cyber risk and the ability to make quick, effective decisions in fast-paced and complex environments.

You’ll act as an ambassador, role modelling best practices and encouraging use of the cybersecurity team’s tools and services across our client's organisation and beyond.

This role forms part of a newly formed SOC team, working cross-functionally with teams from across the group and the client; the workload is varied and will also support the SecOps team. This role would suit an incident manager who has a background in incident response working at a local and national level. A background in law enforcement or intelligence services will be a plus, as the client infrastructure is classified as CNI (critical national infrastructure).

You will report into the Head of SecOps and work closely with the SOC Lead, but will largely be required to self-manage your own workload, including prioritisation of incidents. We’re always looking to raise the bar on our performance, learn new things, incorporate new technologies and undertake research related to technology enhancements, and you will too!

  • Build the incident management capability, providing expert incident response, determining the threat and level of impact to our clients’ interests (including associated 3rd party incidents) and assets and coordinating the appropriate response
  • Shape incident management, system response, incident investigation and response principles and guidelines for incident management activities
  • Promote incident management, incident investigation and response best practices
  • Develop incident management playbooks and incident exercises
  • Familiarity with, or experience delivering, incident readiness and preparedness services, such as tabletop exercises, threat briefings, incident playbooks or runbooks, and capability gap analysis.
  • Provide incident root cause analysis, with a view to identifying and influencing future prevention by maintaining the Incident Response/Incident Management knowledge base
  • Co-ordinate and participate in Business Continuity / Disaster Recovery exercises including scenario development and feeding findings into service improvement initiatives
  • Coordinating written and verbal briefings to a variety of audiences, including boards, law enforcement, intelligence agencies, insurers, or legal counsel
  • A robust understanding of, and recent hands-on experience with:
      • digital forensics, technical incident response and remediation/containment strategies in enterprise networks
      • crisis and incident lifecycle management methodologies
      • enterprise security operations capabilities and tooling
      • enterprise IT networks and Active Directory
      • cloud services such as Azure, GCP, and AWS
      • common attacker techniques and associated frameworks (such as MITRE ATT&CK)
  • Improve our knowledge and understanding of emerging threats so that we’re better able to identify and detect attacks
  • Review and analyse data to identify trends and patterns.
  • Work with the SOC to identify patterns and propose strategic actions to reduce risks.
  • Identify vulnerability tools and platforms
  • Enable the wider organization to use incident management reports to make informed decisions

To be epic at the role you will have:

  • At least 5 years’ experience of leading an incident management and response team / function.
  • Deep knowledge and understanding of co-ordinating cross-organisational responses to security incidents.
  • Deep understanding of the threats against HMG departments and public sector organisations
  • Deep understanding of future threat landscape against HMG departments and public sector organisations
  • Client facing, and able to support clients and their environments across a wide technology stack
  • Demonstrable experience in developing and maintaining strong relationships with internal and external stakeholders
  • You should have experience in handling live cyber incidents in a functioning security operations centre
  • Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
  • Good understanding of adversarial techniques.
  • Practical knowledge of threat modelling techniques and frameworks.
  • Strong leadership skills along with well-developed analytical skills
  • Excellent communication and presentation skills, with the ability to explain complex topics simply

Desirable but not essential

  • Hold relevant industry certifications

Our client's purpose:

The group is a community of 150+ passionate people united by one overall mission... to make the world safer, one business at a time. We are the "one-stop shop" for all things cyber and are working to build a centre of excellence for our customers by building an amazing place to work, learn and develop for our people.

We work with a diverse range of clients, including large Governmental departments as well as other public sector organisations and businesses within the private sector. We're growing our business and our team through our continuous investment in developing technology and cyber capability; we aim to deliver innovation to our customers as fast as possible. Whether it's AI-driven, ML-based threat intelligence or rapid-start hybrid cloud, our goal is to implement solutions that make us stand out in the market.