Cyber Security Incident Response (IR) Specialist - Inside IR35 - Long Term Contract

  • iBSC
  • Oct 01, 2025
Contractor Telecommunications

Job Description

Job Title: Cyber Security Incident Response Specialist

Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working)

Contract Duration: 6 months+ initially, with high potential for extension (long-term programme)

Clearance: SC required or eligible

THIS PROJECT IS INSIDE IR35

Project Overview:

We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI).

You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises.

This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses.

Key Responsibilities:

  • Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned
  • Develop and maintain IR playbooks, plans, and post-incident reports
  • Support post-incident reviews, including root cause analysis (RCA) and lessons learned sessions
  • Design and deliver incident response exercises (eg tabletop simulations)
  • Act as a subject matter expert (SME) for incident response processes and frameworks
  • Collaborate with SOC teams, technical SMEs, and non-technical stakeholders
  • Communicate IR outcomes effectively via reports, presentations, and briefings
  • Build working relationships across internal security functions and external CNI/regulatory stakeholders

Mandatory Requirements (Must-Have):

  • Strong, recent experience in cybersecurity incident response
  • Ability to make informed decisions during incidents (triage, escalate, communicate)
  • Experience working in Critical National Infrastructure (CNI) sectors - eg utilities, energy, telco, banking, health, defence, or transport
  • Working knowledge of NIST, MITRE ATT&CK, or equivalent frameworks
  • Proven ability to communicate IR findings to technical and non-technical audiences
  • Experience contributing to or owning IR playbooks, SOPs, or RCA documentation
  • Must hold current SC clearance or have been previously cleared within the last 12-18 months

Desirable Skills (Nice-to-Have):

  • Experience within the energy or utilities sector
  • Exposure to OT/ICS environments (eg SCADA, PLCs, DCS)
  • Experience delivering or supporting tabletop IR exercises
  • Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc.
  • Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH, or equivalent

What We're Not Looking For:

  1. Junior SOC analysts (L1/L2 triage only)
  2. Generalist cyber roles without deep IR exposure
  3. Candidates without experience in CNI or enterprise-scale IR