Cyber Incident Response Tech CIRT Lead

This CIRT L3 Lead role is a hands-on leadership position responsible for end-to-end cyber incident response, proactive threat hunting, and detection engineering in Rapid7 InsightIDR for a retail-focused environment.

My client is an international Consultancy firm, specialising in Cyber Security looking for a hands on Cyber Incident Response Tech Lead, responsible for end-to-end cyber incident response, proactive threat hunting, and detection engineering in Rapid7 InsightIDR for a retail-focused environment.

You will coordinate cross-functional technical teams during major incidents, drive containment and recovery, and own post-incident reviews and playbooks. The role includes mentoring CIRT analysts, enhancing SIEM/SOAR automation, and continuously improving processes using frameworks such as MITRE ATT&CK, NIST 800-61, and PCI DSS.

What this job is really about
  • Owning cyber incident response end-to-end: from first alert, through containment and eradication, to lessons learned and better playbooks.

  • Turning threat hunting into a core capability: hypothesis-driven, adversary-based hunts that actually find things, not just tick a process box.

  • Making Rapid7 InsightIDR work hard: building and tuning detection rules and UBA use cases so you see retail-relevant threats early and clearly.

  • Being the person who connects the dots between frameworks like MITRE ATT&CK, NIST 800-61, PCI DSS and what actually happens on the ground.

Who this will suit
  • You've worked in SOC, Incident Response, or Threat Hunting and are comfortable leading complex investigations, not just following a runbook.

  • You've used InsightIDR or another MDR/SIEM platform for rule creation, tuning and dashboards, and you're not afraid of SOAR tools like InsightConnect or Cortex XSOAR.

  • Python or PowerShell are part of your toolkit, and retail networks, POS systems, and cloud infrastructure don't intimidate you.

  • You can manage, coach, and challenge a CIRT team, handle stakeholders in the middle of a live incident, and still think strategically about where the function needs to go.

Nice to have (but not deal-breakers)
  • Certifications such as GCIH, GCFA, CISSP, or Rapid7 InsightIDR Specialist.

  • A track record of improving processes, not just operating them - plus the communication skills to bring people with you.

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.

Job Details

Company
Robert Walters
Location
West Yorkshire, England, United Kingdom
Employment Type
Full-Time
Salary
£70,000 - £80,000 per annum
Posted