Cyber Security Incident Manager*

Job Title - Cyber security incident manager
SC cleared or eligible for clearance.
3 month rolling ( likely 1 year)
Fully remote

Key Responsibilities
Incident Response & Management

• Lead and coordinate major cyber security incidents (e.g., ransomware, data breaches, phishing campaigns, insider threats).

• Serve as primary incident commander during high?severity events.

• Oversee triage, impact assessment, containment strategies, and remediation plans.

• Ensure timely escalation and communication to leadership and relevant stakeholders.

• Maintain accurate incident logs, timelines, and evidence for audits or legal processes.

Threat Analysis & Investigation

• Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners.

• Analyse attack vectors, exploits, and root causes.

• Guide forensic activity where required, ensuring evidence integrity.

Governance, Reporting & Continuous Improvement

• Produce detailed incident reports, executive summaries, and post?incident reviews.

• Track incident metrics, trends, and lessons learned to improve security posture.

• Drive improvements in incident response playbooks, processes, and tooling.

• Ensure incidents are handled in alignment with frameworks such as NIST

Stakeholder & Vendor Coordination

• Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third?party partners.

• Support customer?facing communication where relevant (for MSSP or managed services environments).

• Manage relationships with external responders, MSSPs, and law enforcement as applicable.

Operational Readiness

• Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments.

• Ensure IR documentation is current, accessible, and aligned with business needs.

• Provide mentoring and support to junior analysts and incident responders.

Essential Skills & Experience

• Proven experience leading complex cyber security incidents in a mid?to?large enterprise or MSSP environment.

• Strong understanding of attack methodologies, malware behaviour, and adversary TTPs.

• Experience with SIEM, EDR, SOAR, threat intel platforms, and forensic tools.

• Deep knowledge of IR frameworks:

• Ability to make clear decisions under pressure and command multi?disciplinary response teams.

• Excellent communication skills, with the ability to convey technical detail to senior leadership.