Security Incident Response Engineer in Warrington

On behalf of Sellafield, we are looking for a Security Incident Response Engineer (Outside IR35) for a 6 month contract. Hybrid working based in Warrington.

Work at Sellafield Ltd, and you're not just building a career. You're embarking on a mission. Joining 11,000 people on a 100-year project transforming the Sellafield site for all the generations that follow. We have the site at Sellafield (West Cumbria) and our office at Risley (near Warrington). Join us and you'll work shoulder-to-shoulder with industry-leading - sometimes world-leading - experts. There are generations and generations of knowledge here and people are only too willing to share it. Our culture of continuous improvement is underpinned by commitment to professional and personal development few can match. Our relentless pursuit of excellence is reflected in our health, safety, security, resilience, and environmental performance standards as well as the quality of the products and services we deliver to our customers.

As a Security Incident Response Engineer your main responsibilities will be to:

• Design and develop ServiceNow Security Incident Response (SIR) workflows, including incident triage, escalation paths, case life cycle and evidence management.
• Ensure workflows are aligned to Cyber Operations requirements, industry incident management frameworks and NCSC-aligned processes.
• Configure and customise the SIR platform, including forms, fields, templates, routing rules and classification models.
• Develop and maintain guided response actions and playbooks to support standardised incident handling.
• Identify functional gaps within the platform and design enhancements in line with governance and architectural standards.
• Integrate ServiceNow SIR with SIEM/SOC tools, threat intelligence feeds, SOAR platforms and ITSM processes.
• Produce compliance-focused, audit-ready reporting and workflow analytics to support continuous improvement.
• Create and maintain documentation including SOPs, user guides, technical configurations and integration maps.
• Support the transition of SIR capabilities into Business-as-Usual (BAU) operations.

Essential:

• An active SC Clearance is an essential requirement for this role; as a minimum you must be willing & eligible to undergo checks.
• ServiceNow SecOps/SIR experience - Hands-on experience configuring and delivering ServiceNow Security Incident Response modules.
• Cyber Security Domain Knowledge, with an understanding of incident response life cycles, SOC/CSOC operations and threat intelligence & detection workflows.
• Stakeholder Management & Engagement skills, with a proven ability to engage across teams and stakeholders.

Desirable:

• Experience with Microsoft Security technologies.

Please be aware that this role can only be worked within the UK and not Overseas.

Sellafield Ltd is committed to eliminating discrimination and encouraging diversity amongst its workforce.

Disability Confident

As a member of the Disability Confident Scheme, Sellafield guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

Armed Forces Covenant

Sellafield guarantees to interview veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all the essential criteria, we will interview the best candidates from within that group. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.