Job Specifications
Job Title: Cyber Security Incident Response Specialist
Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working)
Contract Duration: 6 months+ initially, with high potential for extension (long-term programme)
Clearance: SC required or eligible
THIS PROJECT IS INSIDE IR35
Project Overview:
We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI).
You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises.
This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses.
Key Responsibilities:
Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned
Develop and maintain IR playbooks, plans, and post-incident reports
Support post-incident reviews, including root cause analysis (RCA) and lessons learned sessions
Design and deliver incident response exercises (e.g. tabletop simulations)
Act as a subject matter expert (SME) for incident response processes and frameworks
Collaborate with SOC teams, technical SMEs, and non-technical stakeholders
Communicate IR outcomes effectively via reports, presentations, and briefings
Build working relationships across internal security functions and external CNI/regulatory stakeholders
Mandatory Requirements (Must-Have):
Strong, recent experience in cybersecurity incident response
Ability to make informed decisions during incidents (triage, escalate, communicate)
Experience working in Critical National Infrastructure (CNI) sectors - e.g. utilities, energy, telco, banking, health, defence, or transport
Working knowledge of NIST, MITRE ATT&CK, or equivalent frameworks
Proven ability to communicate IR findings to technical and non-technical audiences
Experience contributing to or owning IR playbooks, SOPs, or RCA documentation
Must hold current SC clearance or have been previously cleared within the last 12-18 months
Desirable Skills (Nice-to-Have):
Experience within the energy or utilities sector
Exposure to OT/ICS environments (e.g. SCADA, PLCs, DCS)
Experience delivering or supporting tabletop IR exercises
Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc.
Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH, or equivalent
What We're Not Looking For:
Junior SOC analysts (L1/L2 triage only)
Generalist cyber roles without deep IR exposure
Candidates without experience in CNI or enterprise-scale IR