Cyber security incident manager

Telecommute
Cardiff, United Kingdom
3 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Remote
Cardiff, United Kingdom

Tech stack

Computer Security
Phishing
Security Information and Event Management
Forensic Toolkit
Malware
Cyber Threat Analysis
Security Orchestration, Automation & Response

Job description

Incident Response & Management

  • Lead and coordinate major cyber security incidents (e.g., ransomware, data breaches, phishing campaigns, insider threats).
  • Serve as primary incident commander during high?severity events.
  • Oversee triage, impact assessment, containment strategies, and remediation plans.
  • Ensure timely escalation and communication to leadership and relevant stakeholders.
  • Maintain accurate incident logs, timelines, and evidence for audits or legal processes.

Threat Analysis & Investigation

  • Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners.
  • Analyse attack vectors, exploits, and root causes.
  • Guide forensic activity where required, ensuring evidence integrity.

Governance, Reporting & Continuous Improvement

  • Produce detailed incident reports, executive summaries, and post?incident reviews.
  • Track incident metrics, trends, and lessons learned to improve security posture.
  • Drive improvements in incident response playbooks, processes, and tooling.
  • Ensure incidents are handled in alignment with frameworks such as NIST

Stakeholder & Vendor Coordination

  • Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third?party partners.
  • Support customer?facing communication where relevant (for MSSP or managed services environments).
  • Manage relationships with external responders, MSSPs, and law enforcement as applicable.

Operational Readiness

  • Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments.
  • Ensure IR documentation is current, accessible, and aligned with business needs.
  • Provide mentoring and support to junior analysts and incident responders.

Requirements

  • Proven experience leading complex cyber security incidents in a mid?to?large enterprise or MSSP environment.
  • Strong understanding of attack methodologies, malware behaviour, and adversary TTPs.
  • Experience with SIEM, EDR, SOAR, threat intel platforms, and forensic tools.
  • Deep knowledge of IR frameworks:
  • Ability to make clear decisions under pressure and command multi?disciplinary response teams.
  • Excellent communication skills, with the ability to convey technical detail to senior leadership.

Apply for this position