Job Details

Cyber Security Incident Response Lead

City, London, United Kingdom

The UK 'lock-down' due to coronavirus has generated an increase in demand for best-in-class cyber security.

With spectacular year-on-year growth, Redscan needs more positive, forward-thinking individuals to collaborate within our growing team of professionals in London and Nottingham, delivering and deploying the technologies needed to defend our broad base of existing and new clients (including NHS Trusts) from malicious cyber attacks.

New Role: Cyber Security Incident Response Lead

Location: London

Position: Full-time; Permanent

Salary: available upon enquiry, plus benefits (below)

An Offensive Mindset - Redscan Cyber Security

We are an award-winning and CREST accredited UK-based cyber security company.

Our people are an elite team because Redscan thinks like the adversary, leveraging best-in-class threat detection solutions to outfox malicious and criminal cyber attacks.

We defend enterprises and charities, government departments and SMBs against large-scale, real-time attacks.

  • Culture - a friendly positive team where entrepreneurial and creative thinking is encouraged
  • Offensive security focused - thinking like the hacker to beat the hacker
  • Technology agnostic - using best-of-breed tools to create our MDR platform ThreatDetect
  • Customer focused - customer success is our success
  • Nimble / flexible - adapting to fast-changing customer requirements and technologies
  • Custom solutions - in-house developers creating bespoke MDR platforms
  • COPS - our own unique platform to pull technologies and reporting together

Our team has been stretched during the pandemic due to a combination of new enterprise and FTSE-listed customers and increased activity right across the cyber security arena. In addition to ongoing hiring in Engineering, the SOC, R&D, Sales and other areas, we are now looking for an experienced Cyber Security Incident Response Lead.

This Incident Response Lead role will act as a subject matter expert and lead the Incident Response capability for the Security Operations Centre. They will help identify, implement and document appropriate methodologies and provide instruction to the SOC team in delivering these areas to customers.

Duties and Responsibilities

  • Assist the SOC Manager in providing day-to-day management of SOC Analysts and associated activity, with emphasis on incident response activity.
  • Assist the SOC Manager in maturing Incident Response methodologies.
  • Support SOC Analysts in delivering real time proactive monitoring and response.
  • Provide targeted threat intelligence analysis to better target threat hunting activity.
  • Provide remote incident response activities and advice, to support customers during and immediately after security incidents.
  • Produce and maintain operational processes and procedures.
  • Create and maintain SIEM correlation rules and signatures for supported NIDS/NIPS and Endpoint Protection products, based on the analysis of malware samples and the output of incident investigations.
  • Support multiple customer environments concurrently.
  • Work with the SOC analysts to carry out in-depth investigation of security events, raise incidents and support the Incident Management process.
  • Provide analysis and trending of security log data and network traffic from a large number of monitoring points.
  • Support Playbook development and automation activities.
  • Other duties as assigned.
  • Has a passion for security and enjoys solving problems.
  • Good knowledge of Cyber Security Incident Response processes & procedures.
  • Excellent knowledge of the fundamentals of Windows and Unix systems, including macOS and Linux distributions.
  • Good understanding of static and dynamic binary analysis.
  • Good understanding of host forensics, memory forensics and network forensics.
  • Proficient with automation using languages such as Python.
  • Experience working with SIEM systems.
  • In-depth knowledge of the security threat landscape.
  • Ability to multi-task, prioritise and manage time effectively.
  • Strong attention to detail.
  • Excellent interpersonal skills and professional demeanour.
  • Excellent verbal and written communication skills.
  • Excellent customer service skills.
  • Experience in mentoring and training SOC Analysts.
  • Industry standard certifications such as: CREST CRT, CREST CCT, OSCP, CHECK, GIAC GCFA, GNFA, GREM.
  • 3+ years' experience as an Incident Responder or equivalent.

  • Bachelor's degree in a related field, or equivalent experience and knowledge.
  • Experience of working in an MSSP/MDR SOC environment.

The Benefits:

  • Ongoing training and development
  • Career opportunities both in the short and long term
  • Company pension scheme
  • Private healthcare
  • 33 days' holiday per annum, inclusive
  • Fun working team atmosphere
  • Shopping discounts
  • Regular team social engagements

Next Steps:

To apply to our vacancy for a Cyber Security Incident Response Lead, please click Apply and submit a copy of your CV for consideration.

We look forward to hearing from you.

We are not accepting CVs from external resources and agencies.