Cyber Security Incident Investigator
Cyber Security Incident Investigator at [Employer hidden — sign up to reveal]
[Employer hidden — sign up to reveal]'s Security Visibility and Incident Command (SVIC) team is seeking an experienced Cyber Security Incident Investigator to join our global team. This role involves conducting technical investigations into cyber security incidents, performing host and network forensics, threat hunting, and incident response. The position offers remote work and requires a minimum of 7-10+ years of experience.
Meet the Team
[Employer hidden — sign up to reveal]'s Security Visibility and Incident Command (SVIC) forms part of the monitoring & response branch of [Employer hidden — sign up to reveal]'s Security and Trust Organization (S&TO) and is [Employer hidden — sign up to reveal]'s cyber investigations and forensics team. We provide [Employer hidden — sign up to reveal] with security threat detection, compliance monitoring, vulnerability discovery and response services to protect [Employer hidden — sign up to reveal]'s digital landscape from attacks, abuse, reputational harm, and loss of its intellectual assets. The primary mission of SVIC is to help ensure system and data risk management by performing comprehensive investigations into cyber security incidents, and to assist in the prevention of such incidents by engaging in dedicated threat assessment, mitigation planning, incident trend analysis, and security architecture review. We are a high-functioning, diverse, and globally distributed group of committed professionals from various technical backgrounds.
Your Impact
SVIC is looking for an experienced security professional to join our Cyber Security Incident Investigations Team. This is an opportunity to contribute to a highly visible security operations function with global impact on [Employer hidden — sign up to reveal], its diversified business, business units, service ventures, partners, and customers. We are looking for a motivated and battle-hardened security specialist who thinks like an attacker but has the heart of a defender. Our investigators thrive on understanding how complex systems work and how they are attacked or abused, and on using that learning to build better detection and response methods.
Responsibilities
- Conduct the technical investigation into computer security incidents to assess the scope of impact to the business and uncover the root cause.
- Engage with impacted teams to devise containment measures and drive them to completion, while continuing to work towards full resolution of the incident.
- Perform an after-action review of high-severity incidents & communicate findings to management & partner teams.
- Conduct host forensics, network forensics and log analysis in support of incident response investigations for systems or applications deployed on-prem or in the cloud.
- Perform threat hunting campaigns utilizing information on adversary tactics, techniques & procedures (TTPs) and knowledge of how they manifest in security data sources & system telemetry.
- Research and deploy modern technologies or enhancements to support business objectives related to security detection, threat hunting, forensics, and response.
- Engage with data source & business SMEs in SVIC and InfoSec to build & improve methods for detecting and responding to security incidents in cloud (IaaS, SaaS, PaaS) environments.
- Study how attackers operate and the methods they use, and apply your IT and networking expertise to build & improve detection logic and investigative procedures.
- Collaborate with your peers to evolve our operational processes & procedures towards improving efficiency & efficacy.
- Cultivate expertise in the technical subjects you are passionate about, to guide SVIC towards better ways of achieving our mission.
- Teach, mentor and support your peers in areas where you have specialized knowledge or experience.
- Represent SVIC in collaboration with industry peers and in trusted working groups.
- Participate in a follow-the-sun on-call rotation.
Minimum Qualifications
- Minimum of 7-10+ years of experience in investigations and incident response.
- Self-Starter, Go-Getter & Self-Learner.
- Superb communication (verbal and written) skills.
- Reasonable scripting/coding abilities and an eye for automation opportunities.
- Networking Experience: solid grasp of networking and core Internet protocols (e.g. TCP/IP, DNS, SMTP, HTTP, TLS and distributed networks).
- Security Technology Experience: across common security products like firewalls, IDS/IPS, NetFlow, AV, EDR, SIEM, SOAR, etc.
- Cloud Experience: experience or familiarity with cloud computing platforms like AWS, GCP, Azure, Docker, Kubernetes, etc.
- Dev-Sec-Ops Experience: experience or familiarity with CI/CD pipelines.
- IT Infrastructure Experience: extensive knowledge of IT infrastructure services, operating systems, and networking.
- Identity Management Experience: experience or familiarity with protocols & products like RADIUS, Active Directory, LDAP, NTLM, Kerberos, SAML, OAuth, JWT, etc.
- Experience with a mix of red team or blue team tools like Metasploit, C2 frameworks, Kali Linux, Security Onion, Burp Suite, Nessus, osquery, YARA, The Sleuth Kit, Velociraptor, etc.
- Experience in one or more data analytics platforms or languages like Splunk, Elastic Stack, Kusto Query Language (KQL), Structured Query Language (SQL), etc.
- Agility in commanding several types of security incidents concurrently and a curiosity to learn about the tools and technologies involved.
- Proven track record of managing and coordinating sophisticated security investigations.
- Flexibility: willingness to pitch in where needed across program and team, and outside typical business hours.
- Ability to work shift hours as well as on-call out of hours.
- Strong leadership, influence, and collaboration skills; sound problem resolution, judgment, negotiating and decision-making skills.
Preferred Qualifications
- Strong written and verbal communication skills, with experience briefing executive leadership and presenting technical findings to diverse audiences.
- Proven ability to work under pressure, prioritize tasks, and lead cross-functional teams during time-critical situations.
- Excellent analytical and problem-solving skills, with a focus on delivering actionable insights.
Why [Employer hidden — sign up to reveal]?
At [Employer hidden — sign up to reveal], we’re revolutionizing how data and infrastructure connect and protect organizations in the AI era – and beyond. We’ve been innovating fearlessly for 40 years to create solutions that power how humans and technology work together across the physical and digital worlds. These solutions provide customers with unparalleled security, visibility, and insights across the entire digital footprint. Fueled by the depth and breadth of our technology, we experiment and create meaningful solutions. Add to that our worldwide network of doers and experts, and you’ll see that the opportunities to grow and build are limitless. We work as a team, collaborating with empathy to make really big things happen on a global scale. Because our solutions are everywhere, our impact is everywhere. We are [Employer hidden — sign up to reveal], and our power starts with you.