Manchester: 0161 797 8123

London: 0207 438 2045



Cyber Incident Responder

Job Description

CYFOR is a leading nationwide provider of Digital Forensics, eDiscovery and Cyber services to Law firms, Corporate organisations and Law enforcement.

The Role

Due to our continued growth, we are looking for a passionate and motivated Cyber Incident Responder to assist our clients in cyberattack response, remediation and recovery. The ideal candidate will have at least 4 years experience handling a range of cyber incidents. You’ll have a deep technical knowledge of incident response, digital forensics and investigations processes, along with excellent client-facing skills and a can-do attitude. You’ll also be able to demonstrate flexibility, commitment and integrity.

When not responding to incidents you’ll provide clients with Proactive Cyber consultancy services such as Cyber Security Audits and Cyber incident readiness plans or spend time helping to develop CYFOR’s delivery capability. In return, you’ll receive a salary commensurate with experience and excellent career prospects. You’ll enjoy a varied and highly fulfilling role, working with great colleagues in a fantastic atmosphere.

This is a unique opportunity to join a highly successful business that truly focuses on its main asset, its team members.

Main Responsibilities

  • Emergency incident response – response, mitigation and remediation;
  • Manage and organise initial response activities, remotely and onsite, to contain cyber incidents for clients. Acting as SPOC;
  • Client communication. Provide calm and collected client incident management with regular progress updates. Communicate complex technical concepts in a concise and easy to understand manner. Understand client’s needs and build strong relationships;
  • Acquire and investigate server logs, firewall logs, intrusion detection system alerts, traffic logs and host system logs (particularly Office 365);
  • Able to perform malware analysis;
  • Deliver high-quality technical investigations and reports to clients on a timely basis. Helping clients to understand how an incident occurred and how to effectively respond;
  • Always maintain a current view of the cyber threat landscape in order to advise clients accordingly;
  • Complete customer incident response capability maturity assessments;
  • Complete Cyber security audits and Cyber incident readiness plans. Guide clients on the implementation of other proactive cyber preventative measures;
  • Collaborate internally with other departments helping to win work;


Skills and Experience

  • Educated to degree level or with equivalent work-related experience;
  • Proven understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks;
  • Strong understanding of enterprise-grade technical security controls and defence in depth practices;
  • Experience in incident handling, threat hunting and threat intelligence;
  • Experience in collecting logs from and utilising HIDS, IDS/IPS systems, SIEMs, AD controllers and firewalls;
  • Experience working in a Security Operations environment and Cyber Security Incident Response team;
  • Ability to correlate events from various sources to create incident timelines;
  • Experience in cloud-based infrastructure including Microsoft Azure and Office 365, Amazon AWS, and Google Cloud;
  • Knowledge of Unix/Linux/Windows Administration and Logging;
  • Experience in and knowledge of operating systems (e.g., Android, iOS, Linux, Windows, MVS, VMWare), hardware and software platforms, and protocols as they relate to information technology;
  • Excellent client-facing skills. Able to communicate at all levels, adapting the style of communication to meet the needs of the audience;
  • Solid understanding and experience of dealing with network architecture, web applications and associated devices;
  • Able to develop and maintain relationships with colleagues and clients;
  • An excellent attitude and the willingness to learn and study for certifications;
  • Mentor and train other team members in technical and soft skills;
  • Ability to effectively plan and coordinate projects;
  • Excellent written and verbal communication skills;
  • Demonstrate a high level of accuracy and attention to detail;
  • Previous exposure to enterprise-scale infrastructure and technology stacks.
  • Experience in analysing packet captures and NetFlow logs from monitoring devices, typically WireShark.
  • SANS or CREST accreditation



  • Company statutory pension scheme
  • Extra days holiday for your birthday
  • A birthday gift, rising in value each year
  • Bupa Cashplan (or equivalent)
  • Life Insurance (Death in Service)
  • Annual Media Subscriptions (from a choice of Netflix HD, Amazon Prime, Spotify, Magazine sub, etc)
  • An annual work anniversary gift, rising in value each year. In addition, after 3 years of service, you will receive a £300 bonus. After 5 years of service, you will receive a £500 bonus. After 10 years of service, you will receive a £1,000 bonus.
  • Multiple social events throughout the year including the CYFOR Family Day
  • Month-end lunch and lots more.


Please NOTE:

This role will require security clearance to SC level, please advise if you are a holder otherwise, we will need to carry out vetting


Apply for this job by completing the form and uploading your CV.

Back to all Careers

Apply for this job

Simply complete the form and upload your CV to apply!

    To be considered for the role and to pass security vetting you must have been a permanent UK resident for more than 5 years.
  • Tell us more about you and your skills
  • We collect and process information relating to job applicants as part of the recruitment process. More information may be found here:
    Accepted file types: pdf, docx, doc.
  • This field is for validation purposes and should be left unchanged.

Apply today

Manchester: 0161 797 8123

London: 0207 438 2045

Send an enquiry to our experts

  • This field is for validation purposes and should be left unchanged.

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the General Data Protection Regulation (GDPR) act, 2018.