Technical Lead, Incident Response (Hiring Immediately)

S-RM
London

WHO WE ARE

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us.

 

WORKING IN CYBER AT S-RM

Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory , Ethical Hacking, and Incident Response practices are in more demand than ever.

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.

We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team, we’d like to hear from you.

THE ROLE

Our Incident Response Consultants are a critical part of our Cyber Security consulting practice’s success. As a Technical Lead, you will deploy your incident response expertise in a senior, client‑facing delivery role across our incident response services.

You will work across the full lifecycle of security incidents to help our clients respond and recover, spanning both traditional incident response scenarios (such as ransomware, business email compromise and intrusion investigations) and modern incidents affecting cloud platforms, CI/CD pipelines and software delivery environments.

 

WHAT YOU WILL DO

You will be responsible for leading and delivering technical investigations for clients, including:

  • Leading technical incident response engagements from first contact through to closure
  • Acting as the primary technical resource on response cases, applying your own expertise and providing guidance to colleagues on the project team.
  • Overseeing host‑, network‑ and cloud‑based investigations , including:
    • Triage and containment
    • System recovery and remediation support
    • Technical evidence collection and forensic analysis
    • Log, malware and root cause analysis
  • Investigating a wide range of incident types , including but not limited to:
    • Ransomware and extortion incidents
    • Business Email Compromise (BEC)
    • Unauthorised access and data breaches
    • Incidents involving cloud environments, CI/CD pipelines, automation and software supply chains
  • Applying cloud and DevOps‑related expertise where required , for example when incidents involve:
    • Compromised cloud identities, APIs or control planes
    • Abuse of CI/CD pipelines, source code repositories or secrets
    • Infrastructure‑as‑Code and automated deployment workflows
  • Developing and sharing domain expertise
    We will support you to deepen your technical knowledge and share it across the wider team through internal initiatives, training and capability development.
  • Participating in an on‑call rotation
    Providing 24×7×365 incident response coverage for our clients.

 

 

OTHER FEATURES OF THE ROLE

  • Variety of casework
    No two days are the same. You will respond to a diverse range of incidents across public and private sector clients, industries and technology stacks.
  • Range of opportunities
    In addition to incident response, you will have opportunities to contribute to related consulting work such as post‑incident reviews, incident readiness, threat exposure assessments and broader advisory projects.
  • Flexible working practices
    Incident response can be intense, high‑pressure work. We are mindful of work/life balance and offer flexible working arrangements to support wellbeing.

 

WHAT WE’RE LOOKING FOR

Candidates with the following experience and attributes are likely to succeed as Incident Response Consultants at S‑RM.

That said, if you don’t meet every criterion below but are interested in the role, we encourage you to apply. We value individuals who are particularly strong in certain areas and keen to develop in others.

We nurture a culture of equality, diversity and inclusion and are committed to building a workforce with varied backgrounds, skills and perspectives.

 

Experience

  • 5+ years’ experience in a technical cyber security, cloud security, DevSecOps, platform engineering or related role.
  • Direct experience working in a consulting or in‑house incident response team is beneficial, but not essential .

Approach

  • A strong investigative mindset , with the ability to work through complex problems using limited or incomplete information.
  • Comfortable operating in high‑pressure, time‑critical client situations.

Technical skillset

  • Strong technical foundations suitable for investigating a range of incident types, including ransomware and intrusion scenarios.
  • Experience or strong interest in cloud and modern infrastructure , such as:
    • AWS, Azure or GCP
    • CI/CD platforms and automation
    • Identity, logging and audit trails in cloud environments
  • Comfortable using scripting and automation to support investigations and analysis.

Threat awareness

  • Demonstrable knowledge of cyber threat actors and their tactics, techniques and procedures, including those targeting both traditional enterprise environments and modern cloud‑based systems.

Communication

  • Able to clearly communicate technical findings and risk to non‑technical client audiences in a professional consulting setting.

Qualifications

Relevant certifications are not required , but the following (or similar) are beneficial:

GCFE, GCFA, EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+, Security+
Cloud and platform‑focused certifications (AWS, Azure, GCP, Kubernetes, Terraform) are also advantageous.

The successful candidate must have permission to work in the UK by the start of their employment.

 

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

  • 25 days holiday per year in addition to bank holidays (+1 day for every year of service up to a maximum of 30 days);
  • Hybrid working and flexible working hours;
  • Matching pension contribution up to 7% and financial education;
  • Fertility treatme]]>
Posted 2026-03-24

Recommended Jobs

Teacher of Geography role in Barnet - Independent School

Marchant Recruitment
Barnet, Greater London

A prestigious independent school in Barnet is looking for a dedicated Geography Teacher to join their high-performing Humanities faculty. You will be responsible for delivering a rigorous and engagin…

View Details
Posted 2026-05-07

R&D Assistant Manager - London, UK

Kingpin International
City of London, Greater London

Are you ready to join a rapidly growing R&D team? We’re looking for a R&D professional to join a dynamic team based in London, England. This is an exciting opportunity for a motivated and ambitiou…

View Details
Posted 2025-09-09

Trade Mark Attorney (2 - 8 Years' PQE)

London

This is a stand-out opportunity for an ambitious qualified trade mark attorney to join a leading practice in London. This position would suit attorneys with 2 - 8 years' post qualification experience…

View Details
Posted 2026-03-27

Speech and Language Therapy

London

PSL Recruitment Services is looking for a paediatric speech & language therapist for a community clinic in North East London NHS. You will be working with children with ASD and learning difficulties…

View Details
Posted 2026-01-06

Director, Product Management (f/m/d)

Contentful
London

About the opportunity We are looking for a Director of Product Management to lead our Optimization teams, managing a suite of products and services spanning analytics, personalization, and experim…

View Details
Posted 2026-04-18

Portfolio Management Actuary

Eames Consulting
City of London, Greater London

I am currently working on a Portfolio Management Actuary position. I am looking to speak with candidates who have the ability to think strategically to steer a portfolio. The role has highly …

View Details
Posted 2026-06-27

Nanny, accommodation provided, Job ID J2162B

Little Ones UK Ltd
Canary Wharf, Greater London

A lovely family based in E14 is looking for a Live-in Nanny to take care of their toddler. Someone who speaks French is a bonus. All general Nanny duties are required in this role. A driver would be …

View Details
Posted 2026-06-12

Assistant Trade Marketing Manager UK/EU (Hiring Immediately)

Kayali
London

Who We Are Fueled by passion, KAYALI was founded in 2018 by beauty mogul and fragrance fanatic, Mona Kattan. Translating to ‘my imagination’ in Arabic, KAYALI provides a modern fragrance experienc…

View Details
Posted 2026-03-24

Year 3 Teacher | Harrow | January 2026

Marchant Recruitment
Harrow, Greater London

Are you an ambitious and dedicated Year 3 Teacher looking for a fresh challenge from January 2026? Would you like to work in a popular and forward-thinking primary school in Harrow that is committed …

View Details
Posted 2025-12-10