Location: Stevenage OR Bolton (2 days per week onsite)
Competitive Salary
Role details:
Our client, a prominent organisation within the defence and security sector, is seeking a skilled Incident Responder to join their team in Stevenage or Bolton. This role is focused on leading digital forensics and incident response activities, while also advancing adversarial exposure validation through red and purple team exercises. The successful individual will be critical in enhancing threat detection, response, and control strategies against real-world cyber threats within a high-security environment.
Key Responsibilities:
- Lead digital forensics and incident response (DFIR) activities, maintaining lab readiness and artefact management to meet forensic objectives.
- Develop and update forensic tools and environments to ensure operational capability (e.g., Magnet Axiom, Autopsy).
- Conduct in-depth forensic analysis, malware reverse engineering, and cyber investigations of complex incidents.
- Ensure proper chain of custody, evidence handling, and accurate documentation of forensic activities.
- Lead tabletop exercises to test and improve incident response plans and forensic readiness.
- Investigate network and endpoint security events, including AV scans and incident remediation, and validate security alerts.
- Collaborate with security teams and external authorities to improve incident reporting, detection, and response capabilities.
- Support the development and maintenance of security policies, standards, and incident response playbooks.
Job Requirements:
- Significant experience in digital forensics, incident response, and malware analysis.
- Understanding of cyber threat intelligence, adversarial emulation tools, and common TTPs (Tactics, Techniques, and Procedures).
- Experience with forensic software such as Magnet Axiom or Autopsy.
- Proven ability to handle complex security incidents including ransomware, business email compromise, and large-scale phishing attacks.
- Familiarity with network and endpoint investigation techniques, and security alert validation.
- Knowledge of threat scenarios and advanced testing of detection platforms like SIEM, EDR, and XDR.
- Experience in managing incident cases and developing mitigation strategies.
- Effective communication skills, with the ability to advise leadership and produce technical and executive reports.
Desirable Skills & Experience:
- Proficiency in adversarial emulation tools such as Caldera, Atomic Red Team, AttackIQ, Cobalt Strike.
- Ability to translate threat intelligence into actionable testing and validation exercises.
- Experience in producing detection coverage metrics and forensic reports to support organisational maturity.
- Knowledge of emerging security trends, tools, and methodologies within cyber defence.
- Experience working within or alongside security operations centres (SOC).
- Understanding of UK security clearance processes and working within high-security environments.
What we can offer you:
- A competitive salary aligned with experience.
- Hybrid working model with a minimum of two days on-site per week.
- Additional benefits including a company bonus, pension contributions, paid overtime, and flexible leave options.
- Enhanced parental leave policies and access to excellent site facilities.
- Healthcare Cash Plan for everyday health expenses.
- Opportunities to develop your skills within a purpose-driven organisation contributing to national security.
If you're an experienced Incident Responder with a passion for cyber threat mitigation and forensic analysis, this is your next move. Apply now to become part of a team vital to safeguarding national security and pushing cyber resilience forward.