Cyber-Security Incident Response Specialist - Warwick (Hybrid) - Inside IR35

Cyber Security Incident Response Specialist

Location: Warwick

Work Pattern: Hybrid (2x-3x days a week onsite)

Duration: 6-12 months + extension

THIS PROJECT IS INSIDE IR35

PLEASE READ - Only candidates with STRONG and RECENT Energy/Utility domain experience will be considered (profiles with less than 3-5 years total Energy/Utility domain experience will be REJECTED).

(Must have at least one period of Energy/Utility domain experience in the last 5 years - 2020/2025)

Spec:

A growing security team is seeking a Cyber Security Incident Response Specialist to help develop, deliver, and continuously improve how security incidents are handled across the organisation.

In this role, you will lead technical investigations, coordinate responses to cyber threats, and collaborate with both cyber and physical security operations teams. You'll also help shape how incident response is exercised and tested across the business.

What You'll Be Doing

  • Develop and maintain incident response (IR) plans, processes, and documentation

  • Lead the implementation of IR processes during live incidents - detection, containment, remediation, and recovery

  • Conduct post-incident reviews and drive improvement based on lessons learned

  • Support and coordinate with both the Cyber Security Operations Centre and Physical Security Operations Centre

  • Design and deliver IR exercises (eg tabletop scenarios) at different organisational levels

  • Report on incident response activities to internal and external stakeholders

  • Provide technical cyber security expertise to analysts and colleagues

  • Build strong relationships with wider security teams to ensure clear communications during incidents

  • Work with government and sector stakeholders to align response procedures with industry requirements

What We're Looking For

Must-Have Skills & Experience (Mandatory)

  • Solid hands-on experience handling security incidents in large or complex organisations

  • Background working in the energy and utilities sectors

  • Strong understanding of incident response frameworks (eg NIST, MITRE ATT&CK, SANS)

  • Technical knowledge of incident detection, analysis, remediation, and recovery

  • Experience working in or with SOC teams and tools (eg SIEM, EDR, IDS/IPS)

  • Ability to create or contribute to incident response plans, policies, and documentation

  • Experience leading or supporting post-incident investigations and reporting

  • Excellent communication skills for briefing technical and non-technical stakeholders

  • Degree in a relevant field or equivalent experience

  • Relevant security certification(s) such as:

    • CISSP

    • CISM

    • GIAC Enterprise Incident Responder (GEIR)

    • CREST Certified Incident Manager (CCIM)

    • or other similar recognised credentials

Desirable (Bonus) Experience

  • Experience delivering or participating in incident response exercises (eg tabletop drills)

  • Exposure to Agile/DevSecOps environments

  • Experience working with government regulators or external cyber security stakeholders

Company: iBSC
Location: London, United Kingdom (Hybrid / WFH Options)
Employment Type: Contract
Salary: GBP Annual