Endava is seeking a highly experienced Senior Cyber Incident Response Analyst to lead incident response activities and strengthen cyber defence capabilities across enterprise client environments.
This senior technical role operates within a hybrid security operations model that includes managed SOC providers and internal cyber defence capabilities. The role is responsible for coordinating complex incident response investigations, improving detection and response capabilities, and driving operational maturity across security monitoring, automation and incident management processes.
Working closely with Security Operations, Cyber Engineering, Threat Intelligence and IT Operations teams, the Senior Cyber Incident Response Analyst ensures that security incidents are detected, investigated and contained rapidly, while driving continuous improvements in monitoring coverage, response playbooks and automation capabilities.
The role will also act as a technical escalation point for security operations and play a key role in strengthening cyber resilience through operational governance, incident testing and detection engineering improvements.
Responsibilities:
- Lead and coordinate cyber incident response activities across internal teams, managed SOC providers and technology stakeholders.
- Act as the senior technical escalation point for security operations and incident response investigations.
- Investigate complex security incidents, including malware infections, account compromise, insider threats and advanced attack activity.
- Coordinate containment, remediation and recovery actions during cyber incidents.
- Improve security monitoring and response processes by refining detection logic, alert triage processes and response playbooks.
- Partner with SOC, Threat Intelligence and Vulnerability Management teams to strengthen detection coverage and threat visibility.
- Lead the development and maintenance of incident response playbooks and response procedures.
- Drive improvements in cyber defence capabilities through automation using SOAR and security tooling integrations.
- Analyse incident trends and root causes to identify security control gaps and recommend preventative improvements.
- Ensure accurate incident documentation, audit trails and post-incident reviews, including lessons learned and improvement actions.
- Participate in cyber incident simulations and response exercises to improve organisational readiness.
- Support service governance with managed SOC providers, ensuring service delivery meets defined SLAs and operational KPIs.
Qualifications:
Experience:
- 10 years of experience in cybersecurity or IT, with at least 6 years in Security Operations Centre (SOC) or Incident Response roles.
- Demonstrated experience leading or coordinating cyber incident investigations in enterprise environments.
- Hands-on experience performing digital forensics, threat investigation and incident containment activities.
- Experience working within hybrid security operations models that include outsourced SOC providers or managed security services.
- Experience developing incident response processes, playbooks and operational procedures.
- Experience improving detection engineering and response capabilities using SIEM, EDR and security automation platforms.
- Experience analysing threat intelligence and attacker techniques to improve detection use cases.
- Relevant cybersecurity certifications such as GIAC, CISM, OSCP, CEH or equivalent are desirable.
Technical Skills:
- Hands-on experience with modern cyber defence technologies, including:
- SIEM platforms (e.g. Splunk, Sentinel or equivalent)
- Endpoint Detection and Response (e.g. CrowdStrike, Microsoft Defender)
- Security Orchestration, Automation and Response (SOAR) platforms
- Threat intelligence platforms and monitoring tools
- Strong knowledge of incident response methodologies and cyber kill chain analysis.
- Experience analysing attacker techniques and mapping detections using frameworks such as MITRE ATT&CK.
- Experience developing detection use cases and improving alert fidelity.
- Familiarity with cyber incident management metrics such as:
- Mean Time to Detect (MTTD)
- Mean Time to Respond (MTTR)
- Detection coverage and response effectiveness
- Understanding of digital forensics techniques, including log analysis, endpoint investigation and network event analysis.
- Ability to translate threat intelligence, incident learnings and vulnerability insights into improvements in security controls and detection capabilities.
- Experience scripting or automating response workflows to improve security operations efficiency is advantageous.
- Familiarity with regulatory and compliance obligations related to incident reporting and evidence preservation (e.g. GDPR, NIS2) is beneficial.
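The metrics named above (MTTD, MTTR, SLA adherence) are only as good as the timeline discipline behind them. The following is an added example, not part of the job posting or any Endava tooling, showing how a responder would compute them from incident records. It assumes three hypothetical timestamp fields per incident (first_activity, detected, contained) and uses constructed sample data; MTTD is taken as the mean of detected minus first_activity and MTTR as the mean of contained minus detected, with medians reported alongside because a single long-dwell incident skews the mean.

```python
"""Compute MTTD / MTTR and SLA breaches from an incident timeline.

Added example; not code from the job posting. Field names are assumptions:
  first_activity - earliest attacker activity established during investigation
  detected       - when an alert, hunt or report first flagged the incident
  contained      - when the threat was confirmed contained
"""
from datetime import datetime
from statistics import mean, median

# Constructed sample data (not real incidents). ISO 8601, UTC.
INCIDENTS = [
    {"id": "INC-1", "severity": "high",
     "first_activity": "2024-03-01T08:00:00Z",
     "detected": "2024-03-01T10:00:00Z",
     "contained": "2024-03-01T14:00:00Z"},
    {"id": "INC-2", "severity": "high",
     "first_activity": "2024-03-02T00:00:00Z",
     "detected": "2024-03-03T00:00:00Z",
     "contained": "2024-03-03T12:00:00Z"},
    {"id": "INC-3", "severity": "medium",
     "first_activity": "2024-03-05T09:00:00Z",
     "detected": "2024-03-05T09:30:00Z",
     "contained": "2024-03-06T09:30:00Z"},
    {"id": "INC-4", "severity": "low",
     "first_activity": "2024-03-07T00:00:00Z",
     "detected": "2024-03-07T06:00:00Z",
     "contained": "2024-03-07T07:00:00Z"},
]


def _parse(ts: str) -> datetime:
    """Parse an ISO 8601 UTC timestamp; 'Z' is normalised for fromisoformat."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def durations(incidents):
    """Return (id, severity, time_to_detect_h, time_to_respond_h) per incident.

    Timestamps must be ordered first_activity <= detected <= contained;
    anything else indicates a bad timeline and is rejected rather than
    silently producing a negative duration.
    """
    rows = []
    for inc in incidents:
        fa, det, con = (_parse(inc[k]) for k in ("first_activity", "detected", "contained"))
        if not fa <= det <= con:
            raise ValueError(f"{inc['id']}: timestamps out of order")
        ttd_h = (det - fa).total_seconds() / 3600
        ttr_h = (con - det).total_seconds() / 3600
        rows.append((inc["id"], inc["severity"], ttd_h, ttr_h))
    return rows


def metrics(incidents, severity=None):
    """MTTD/MTTR (mean) and medians in hours, optionally for one severity."""
    rows = [r for r in durations(incidents) if severity is None or r[1] == severity]
    ttd = [r[2] for r in rows]
    ttr = [r[3] for r in rows]
    return {
        "count": len(rows),
        "mttd_h": mean(ttd), "median_ttd_h": median(ttd),
        "mttr_h": mean(ttr), "median_ttr_h": median(ttr),
    }


def sla_breaches(incidents, sla_hours):
    """IDs of incidents whose time-to-respond exceeds the per-severity SLA.

    sla_hours maps severity -> allowed hours from detection to containment;
    a severity with no entry is treated as having no SLA.
    """
    return [r[0] for r in durations(incidents)
            if r[3] > sla_hours.get(r[1], float("inf"))]


if __name__ == "__main__":
    print("all:", metrics(INCIDENTS))
    print("high:", metrics(INCIDENTS, severity="high"))
    print("breaches:", sla_breaches(INCIDENTS, {"high": 8, "medium": 24, "low": 72}))
```

Reporting the median next to the mean matters in practice: in the sample set one incident with a 24-hour dwell time pushes MTTD to about 8 hours while the median is 4, and an SLA review should look at both plus the per-incident breach list rather than a single headline number.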
Additional Information:
Discover some of the global benefits that empower our people to become the best version of themselves:
- Finance: Competitive salary package, share plan, company performance bonuses, value-based recognition awards, referral bonus;
- Career Development: Career coaching, global career opportunities, non-linear career paths, internal development programmes for management and technical leadership;
- Learning Opportunities: Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platform subscriptions, pass-it-on sessions, workshops, conferences;
- Work-Life Balance: Hybrid work and flexible working hours, employee assistance programme;
- Health: Global internal wellbeing programme, access to wellbeing apps;
- Community: Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations.
At Endava we're committed to creating an open, inclusive and respectful environment where everyone feels safe, valued and empowered to be their best. We welcome applications from people of all backgrounds, experiences and perspectives because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications and potential. If you need adjustments or support during the recruitment process, please let us know.
Remote Work:
No
Employment Type:
Full-time