Cyber Security Incident Responder
Job Title: Cyber Security Incident Response Analyst
Location: Bristol-based, ideally 2–3 days on-site per week, with some flexibility depending on circumstances.
Salary: £DOE + 10% bonus
Security: Must be eligible for SC Clearance (British citizen or UK resident for last 5 years)
We’re looking for a Cyber Security Incident Responder to take ownership of how security incidents are managed across both corporate and product environments.
This is a hands-on, high-trust role sitting at the centre of incident response. You’ll act as the internal escalation point for the external SOC, driving investigations through to resolution, coordinating cross-functional response efforts, and ensuring incidents are handled with clarity, speed, and accountability.
Beyond live incidents, you’ll play a key role in strengthening overall response maturity, improving processes, refining playbooks, and ensuring the organisation is continuously better prepared for future events.
What You’ll Be Doing
- Own security incidents escalated from the SOC from initial triage through to resolution
- Coordinate internal response activity across engineering, IT, and wider stakeholders
- Lead investigation efforts, guiding analysts through structured response workflows
- Analyse logs, telemetry, and system behaviour using SIEM tools (e.g. Splunk, Kibana / Elastic)
- Drive containment and remediation actions, ensuring clear ownership and follow-through
- Translate technical findings into clear business impact and actionable outcomes
- Develop, maintain, and improve incident response playbooks and procedures
- Conduct post-incident reviews and ensure root causes are fully understood and addressed
- Define and refine severity classification, escalation paths, and response models
- Run tabletop exercises and incident simulations to test readiness and capability
- Identify gaps in detection, response, or visibility and drive improvements
- Feed insights from real incidents into monitoring and detection enhancements
- Help shape dashboards and operational views to support live incident decision-making
What We’re Looking For
- Experience in a SOC, incident response, or security operations role
- Strong understanding of operating systems, networking fundamentals, and attacker behaviour
- Hands-on experience with SIEM platforms such as Splunk and/or Elastic (Kibana)
- Ability to analyse logs, alerts, and technical artefacts to drive investigations
- Working knowledge of scripting (e.g. Python, PowerShell, or similar)
- Calm, structured decision-making under pressure
- Strong coordination skills with the ability to drive actions across multiple teams
- Experience working with or developing incident response processes/playbooks
Why This Role
This is a true ownership role in incident response: you’ll sit at the centre of how the organisation detects, responds to, and learns from security events.
Rather than just reacting to incidents, you’ll shape how they are handled, improving maturity over time and ensuring lessons learned translate directly into stronger detection, faster response, and better resilience.