Lead Cybersecurity Incident Responder - IR, Cyber, - London

Lead Cybersecurity Incident Responder - IR, Cyber, - London / Hybrid (some travel European travel)

Salary: Competitive,

We are seeking a highly experienced cybersecurity professional with a strong background in incident response and advanced security operations.

Extensive hands-on experience in Incident Response (IR), SOC, MSSP, CSIRT, or DFIR, with a proven ability to handle urgent and complex client incidents under pressure.
European language is beneficial but not required.
Experience working in a 24/7 SOC environment, with a deep understanding of how SOC operations integrate with IR.
Expert knowledge of technologies such as Microsoft security stack, DFIR tooling, SIEM, Microsoft Defender/Sentinel, EDR platforms, timeline analysis, and cloud environments (Azure, AWS, or GCP).
Exposure to penetration testing, including red team or purple team exercises, is advantageous.
Ability to script or automate using Bash, Perl, Python, or PowerShell.
Strong analytical mindset and familiarity with hypothesis-driven investigation methods.
Confident understanding of compliance, legal requirements, and managing third-party vendor relationships.
Solid working knowledge of the MITRE ATT&CK framework.
Willingness to take part in on-call rotations.As the Lead Cybersecurity Incident Responder, you will play a critical role in guiding clients through high-impact, time-sensitive security incidents.

Conducting network, host, and forensic investigations, presenting clear and actionable findings to clients.
Providing on-call emergency support and leading swift, effective response actions.
Handling complex and sensitive IR engagements across a wide range of industries and technical environments.
Acting as a trusted advisor, consulting directly with clients and collaborating with senior leadership.
Producing detailed technical reports and executive-level summaries.
Mentoring and supporting junior members of the team