Cyber Digital Forensics & Incident Response Manager

An excellent opportunity has arisen within our Team for a Digital Forensics & Incident Response (DFIR) Manager. DFIR (Digital Forensics and Incident Response) is a specialist cyber security capability which is responsible for delivering rapid, highimpact incident response and investigation during significant cyber events, such as Malware or Ransomware attacks or Cyber security breaches.

The Digital Forensics and Incident Response Manager is a leadership position within Capgemini's Cyber Defence Centre's (CDC's) team, this role will oversee the DFIR Service, taking responsibility for all aspects of service delivery, and the successful candidate will be one of the foremost technical experts for all aspects of cyber incident response, ensuring that the team are all suitably trained and that cyber incidents are handled in accordance with the requirements of our clients. You will manage a team of DFIR analysts and be responsible for the management of the services provided to our clients, ensuring they cover the key contractual deliverables/requirements and that clients are satisfied with the quality and performance of the services.

You will need to demonstrate experience of developing, managing and mentoring a Team and ensuring that appropriate resources are in place to deliver a first-class service, delivering against SLAs and KPIs. You will also need excellent Stakeholder management skills including the ability to translate complex technical threats and vulnerabilities into executive-friendly insights that articulate potential business risks and recommended actions.

Who You'll Work With

You'll led a close-knit team of DFIR analysts within a 24x7 oncall model, Cyber Threat Intelligence (CTI) analysts and collaborating with DFIR, CDC, and client teams. You'll be surrounded by professionals who are passionate about cybersecurity and committed.

Hybrid working : The places that you work from day to day will vary according to your role, your needs, and those of the business; it will be a blend of Company offices, client sites, and your home; noting that you will be unable to work at home 100% of the time.

Your role

• Lead and coordinate end-to-end cyber incident response activities, ensuring effective containment, eradication, and recovery during high-severity incidents
• Oversee and perform digital forensic investigations, including evidence collection, preservation, and analysis across endpoint and cloud-based environments
• Own the delivery of incident reporting and executive briefings, translating technical findings into business risk and actionable recommendations
• Establish and maintain DFIR processes, playbooks, and runbooks, ensuring alignment with recognised standards such as NCSC CIR
• Lead, mentor, and manage a team of DFIR analysts, ensuring operational readiness, on-call coverage, and delivery against SLAs and KPIs

You can bring your whole self to work. At Capgemini building an inclusive future is part of everyday life and will be part of your working reality. We have built a representative and welcoming environment, for everyone.

• Experienced in managing a distributed team of DFIR specialists and related technical teams.
• Strong experience leading cyber incident response, managing high-severity incidents and coordinating technical and stakeholder response
• Hands-on expertise in digital forensics, including evidence collection and analysis across endpoint and cloud environments (e.g. AWS, Azure)
• Ability to deliver clear incident reports and executive briefings, translating technical findings into business impact and actions
• Experience developing and improving DFIR processes and playbooks, aligned to recognised frameworks such as NCSC CIR
• Relevant industry certifications such as CREST (CPIA/CRIA) or SANS (GCIA, GCIH, GCFA).

We are a Disability Confident Employer

Capgemini is proud to be a Disability Confident Employer (Level 2) under the UK Government's Disability Confident scheme. As part of our commitment to inclusive recruitment, we will offer an interview to all candidates who:

• Declare they have a disability, and
• Meet the minimum essential criteria for the role.

Please opt in during the application process.

Your security clearance and pre-employment checks

If you are successfully offered this position, you will go through a series of pre-employment checks, including: identity, nationality (single or dual) or immigration status, employment history going back 3 continuous years, and unspent criminal record check (known as Disclosure and Barring Service)

Some roles will also require an additional level of security clearance:

Security Check (SC) Clearance:

To be successfully appointed to this role, it is a requirement to obtain Security Check (SC) clearance.

To obtain SC clearance, the successful applicant must have resided continuously within the United Kingdom for the last 5 years, along with other criteria and requirements.

Throughout the recruitment process, you will be asked questions about your security clearance eligibility such as, but not limited to, country of residence and nationality.

Some posts are restricted to sole UK Nationals for security reasons; therefore, you may be asked about your citizenship in the application process.

Make it real - what does it mean for you?

Flexibility to work your way You will be encouraged to have a positive work-life balance. Our hybrid-first way of working means we embed hybrid working in all that we do and make flexible working arrangements the day-to-day reality for our people. All UK employees are eligible to request flexible working arrangements.

Your wellbeing You'd be joining an accredited Great Place to work for Wellbeing in 2024. Employee wellbeing is vitally important to us as an organisation. We see a healthy and happy workforce a critical component for us to achieve our organisational ambitions.

To help support wellbeing we have trained 'Mental Health Champions' across each of our business areas, and we have invested in wellbeing apps such as Thrive and Peppy.

Shape your path You will be empowered to explore, innovate, and progress. You will benefit from Capgemini's 'learning for life' mindset, meaning you will have countless training and development opportunities from thinktanks to hackathons, and access to 250,000 courses with numerous external certifications from AWS, Microsoft, Harvard ManageMentor, Cybersecurity qualifications and much more.

Shared energy You'll be bringing your unique skills and perspectives to the team, inspiring and taking inspiration from your teammates as you unlock value in everything you do. You'll be joining a professional community of experts, who have got your back and will support you, every step of the way.

Capgemini ist einer der weltweit führenden Anbieter von Management- und IT-Beratung, Technologie-Services und Digitaler Transformation. Als ein Wegbereiter für Innovation unterstützt das Unternehmen seine Kunden bei deren komplexen Herausforderungen rund um Cloud, Digital und Plattformen.