Role overview:We are seeking an experienced Cyber Incident Response Consultant to support our cybersecurity function on a contract basis. The consultant will be responsible for collaborating with organisation stakeholders in developing, updating, and enhancing a comprehensive set of tactical and operational cyber incident response documents, including the Incident Response Plan, Communication Plan, Incident Response Playbooks, and Containment & Eradication procedures.
This engagement is focused on delivering high-quality, actionable documentation and strengthening the organisations overall incident response capability. The consultant will work closely with internal stakeholders to ensure alignment with business operations, technology, and regulatory requirements.
Your responsibilities: 1.IR Technical Capability Maturity AssessmentoEvaluate and report on the organisations technical capabilities and maturity against IR Detection & Analysis, Containment, Eradication, & Recovery domains using industry maturity model.2.Develop & Maintain Incident Response DocumentationoProduce and refine the organisations Incident Response Plan (IRP).oBuild clear and consistent internal and external incident communication workflows.oDevelop detailed incident response playbooks, such as ransomware, business email compromise (BEC), data breach, insider threat, malware outbreak, DDoS attack, cloud service compromise. (Final scenarios to be agreed during discovery.)3.Strengthen Organisational Incident PreparednessoConduct discovery sessions with technical and non-technical stakeholders.oReview existing security processes, tools, and architecture to ensure documentation reflects current environments.oSupport tabletop exercise planning and incorporate lessons learned into documentation.oProvide expert guidance and recommendations to improve cyber readiness.4.Build Containment & Eradication FrameworksoDevelop clear, structured containment strategies for different incident types.oCreate eradication and recovery guidance aligned with operational capabilities.oEnsure all procedures support legal, compliance, and evidence-preservation requirements.5.Align with Standards & Regulatory ExpectationsoEnsure all documentation aligns with CIS Controls.oEnsure materials support relevant legal and regulatory expectations as appropriate for the organisation.6.Collaborate Across the BusinessoWork closely with SOC staff, IT teams, legal, risk, compliance, communications, and senior leadership.oConvert technical details and threat intelligence into clear, actionable steps appropriate for operational use.
Your ProfileEssential skills/knowledge/experience:
oProven experience (typically 5+ years) in incident response, SOC operations, cybersecurity consulting, or GRC.oDemonstrated ability to produce high-quality IR documentation and playbooks for medium-to-large organisations.oDeep understanding of modern threat actors, attack methodologies, and incident response lifecycle.oExperience across cloud (Azure, AWS) and on-premise enterprise environments.oExceptional written communication skills and ability to deliver polished, structured documentation.oAbility to work independently, meet deadlines, and drive deliverables with minimal supervision.
Desirable skills/knowledge/experience:
oGCIH, GCFA, CISSP, or equivalent security certifications.oExperience working within regulated sectors (financial services, healthcare, government, critical infrastructure).oPrior participation in or leadership of real-world cyber incident response activities.oFamiliarity with identity governance, EDR platforms, SIEM tooling, and cloud security architecture.Simplicity (Leading & Managing Change)