CYFOR Group Careers

Start you career with the leading experts

Cyber Incident Responder

Job Description

Cyber Incident Responder – CYFOR Secure Division

Salary – £40,000 to £60,000 depending on experience.

The Company

The CYFOR Group is a leading nationwide provider of Digital Forensics, eDiscovery and Cyber Security, providing services mostly to law firms, corporate organisations and insurance companies.

Here at CYFOR, we look for passionate and high-performing people who can make a real difference and thrive on technology and thinking outside the box.

Our employees make CYFOR truly great, and as they grow, so do we.

So if you’d like a varied and highly fulfilling role, working with great colleagues in a fantastic atmosphere, we’d like to hear from you.


The Role

Due to our continued growth, CYFOR Secure is looking for an experienced Cyber Incident Responder.

The ideal candidate will have at least 3-5 years of experience responding to and investigating a range of cyber incidents and hold a relevant degree, or be able to demonstrate degree-level knowledge, in the field of cyber security. You’ll have a deep technical knowledge of incident response, digital forensics, M365, cloud environments and investigations processes, along with excellent client-facing skills and a can-do attitude. You’ll also be able to demonstrate flexibility, commitment and integrity.

In return, you’ll receive a salary commensurate with experience, plus training, overtime and excellent career prospects.

This is a unique opportunity to join a highly successful business that truly focuses on its main asset, its team members.

Main Responsibilities

  • Perform emergency incident response for customers; including containment to prevent further compromise and gathering relevant forensic evidence.
  • Investigate forensic evidence from compromised devices and networks to determine the root-cause of incidents and understand the actions taken by threat actors.
  • Acquire and investigate server logs, firewall logs, intrusion detection system alerts, traffic logs and host system logs (particularly Office 365) to determine what data has been impacted during a cyber incident using open-source tools and industry standard forensics software.
  • Conduct forensic acquisitions of disks, memory, servers, and other relevant devices.
  • Analyse malware as part of incident investigations
  • Perform proactive security audits for customers, including O365 audits and vulnerability scans.
  • Evaluate and progress customers’ own incident response capabilities through advisory and consultative projects.
  • Delivering high-quality technical investigation and forensic reports to clients
  • Distribute written and oral customer communications through presentations and reports.
  • Develop and maintain a relationship with our commercial team, providing quotations and scoping out works.


Skills and Experience

  • Educated to degree level or with equivalent work-related experience.
  • Experience collecting forensic evidence from compromised systems.
  • Experience investigating cyber incidents to understand and prove malicious activity.
  • Proven understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
  • Strong understanding of enterprise grade technical security controls and defence in depth practices.
  • Comprehensive knowledge of incident handling, threat hunting and threat intelligence.
  • Ability to correlate events from various sources to create incident timelines.
  • Experience in cloud-based infrastructure including Microsoft Azure and Office 365, Amazon AWS, and Google Cloud.
  • Excellent client facing skills. Able to communicate at all levels, adapting the style of communication to meet the needs of the audience.
  • An excellent attitude and the willingness to learn and study for certifications.
  • Solid understanding and experience of dealing with network architecture, web applications and associated device.
  • Ability to effectively plan and coordinate projects.
  • Excellent written and verbal communication skills.
  • Demonstrate a high level of accuracy and attention to detail.
  • Demonstrate a flexible approach to work and a high level of self-motivation.
  • Ability to exercise discretion and confidentiality.


Desirable Skills

  • Previous exposure to enterprise scale infrastructure and technology stacks.
  • SANS, CREST or other information security accreditations
  • Experience deploying and monitoring endpoint protection (e.g. SentinelOne) across a variety of systems



  • Company statutory pension scheme.
  • Extra days holiday for your birthday.
  • A birthday gift, rising in value each year.
  • Bupa Cashplan (or equivalent).
  • Life Insurance (Death in Service).
  • Annual Media Subscriptions (from a choice of Netflix HD, Amazon Prime, Spotify, Magazine sub, etc).
  • An annual work anniversary gift, rising in value each year.
  • Loyalty bonuses. 3 years – £300 bonus. 5 – £500 bonus. 10 years – £1,000 bonus.
  • Multiple social events throughout the year, including the CYFOR Family Day.
  • Month-end lunch and lots more.


Please NOTE:

This role will require security clearance to SC level, please advise if you are a holder. Otherwise, we will need to carry out vetting.

Apply for this job by completing the form and uploading your CV.

Back to all Careers

Apply for this job

Simply complete the form and upload your CV to apply!

    To be considered for investigator roles you must have a minimum of 1.5/2 years experience within the industry. This doesn't apply to our Graduate roles.
    To be considered for the role and to pass security vetting you must have been a permanent UK resident for more than 5 years.
  • Tell us more about you and your skills
  • We collect and process information relating to job applicants as part of the recruitment process. More information may be found here:
    Accepted file types: pdf, docx, doc, Max. file size: 20 MB.

Send an enquiry to our experts

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the General Data Protection Regulation (GDPR) act, 2018.