Cyber Incident Response Tech CIRT Lead
other jobs Robert Walters
Added 3 hours ago
  • England, Yorkshire and The Humber, West Yorkshire
  • Full Time, Permanent
  • £70,000 - £80,000 per annum
Job Description:
This CIRT L3 Lead role is a hands-on leadership position responsible for end-to-end cyber incident response, proactive threat hunting, and detection engineering in Rapid7 InsightIDR for a retail-focused environment.
My client is an international consultancy firm specialising in cyber security, looking for a hands-on Cyber Incident Response Tech Lead responsible for end-to-end cyber incident response, proactive threat hunting, and detection engineering in Rapid7 InsightIDR for a retail-focused environment.
You will coordinate cross-functional technical teams during major incidents, drive containment and recovery, and own post-incident reviews and playbooks. The role includes mentoring CIRT analysts, enhancing SIEM/SOAR automation, and continuously improving processes using frameworks such as MITRE ATT&CK, NIST 800-61, and PCI DSS.
What this job is really about:
  • Owning cyber incident response end-to-end: from first alert, through containment and eradication, to lessons learned and better playbooks.
  • Turning threat hunting into a core capability: hypothesis-driven, adversary-based hunts that actually find things, not just tick a process box.
  • Making Rapid7 InsightIDR work hard: building and tuning detection rules and UBA use cases so you see retail-relevant threats early and clearly.
  • Being the person who connects the dots between frameworks like MITRE ATT&CK, NIST 800-61, PCI DSS and what actually happens on the ground.

Who this will suit:
  • You’ve worked in SOC, Incident Response, or Threat Hunting and are comfortable leading complex investigations, not just following a runbook.
  • You’ve used InsightIDR or another MDR/SIEM platform for rule creation, tuning and dashboards, and you’re not afraid of SOAR tools like InsightConnect or Cortex XSOAR.
  • Python or PowerShell are part of your toolkit, and retail networks, POS systems, and cloud infrastructure don’t intimidate you.
  • You can manage, coach, and challenge a CIRT team, handle stakeholders in the middle of a live incident, and still think strategically about where the function needs to go.

Nice to have (but not deal-breakers):
  • Certifications such as GCIH, GCFA, CISSP, or Rapid7 InsightIDR Specialist.
  • A track record of improving processes, not just operating them - plus the communication skills to bring people with you.

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.
Job number 3405462

Company Details:
Robert Walters
Operating across five continents, with offices in over 30 countries, Robert Walters is a world-leading global specialist recruitment consultancy. With...