Cyber Incident Manager in Edinburgh

About Analog Devices

Analog Devices, Inc. (NASDAQ: ) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, and software technologies into solutions that help drive advancements in digitized factories, mobility, and digital healthcare, combat climate change, and reliably connect humans and the world. With revenue of more than $9 billion in FY24 and approximately 24,000 people globally, ADI ensures today's innovators stay Ahead of What's Possible™.

Location: UK (hybrid)

Role Overview

We’re looking for a Cyber Incident Manager who brings calm, speed, and precision to high‑stakes security events. At Analog Devices, you’ll play a central role in our end‑to‑end cyber incident response—protecting operations, safeguarding intellectual property, and upholding the trust our customers place in us. You will take command when it matters most. You’ll act as Incident Commander across the full lifecycle using ADI’s SANS‑based process and severity model, ensuring disciplined execution from detection to recovery. You’ll lead cyber incidents, run the Incident Action Group (IAG), and drive rapid containment, recovery, and high‑quality post‑incident reviews. You’ll own clear communication, maintain legal privilege, ensure record‑keeping, and work closely with legal, engineering, and cross‑functional partners. Ultimately, you’ll raise our incident response maturity and strengthen resilience—fast and with lasting impact.

Key Responsibilities

• Own incident communications: run executive updates and stakeholder calls per ADIs Comms & Escalation Matrix; produce concise executive summaries and impact assessments.
• Stand up and run the Incident Action Group (IAG); set strategy, assign workstreams, and steer decisions at pace.
• Operate within the incident case management platform to ensure real‑time logging, status, actions and decisions are captured and auditable.
• Orchestrate SOC, IR retainer, legal and engineering to deliver containment, focused monitoring, and durable remediation.
• Operate to NIST‑aligned IR practices and ADI governance; align evidence and timelines to other applicable obligations (e.g., sectoral regulators).
• When appropriate, maintain legal privilege throughout investigations using ADI’s privilege guidance and approved channels.
• Partner with SOC and Threat Intel to apply MITRE ATT&CK mapping, enable proactive detection, and reduce dwell time.
• Drive post‑incident reviews (PIRs), root‑cause analysis and action plans; track MTTD/MTTR, severity distributions and regulatory timelines.
• Be a pivotal part of tabletops and simulations; evolve playbooks to reflect new tactics, cloud patterns and control gaps.

Essential experience

• 5+ years leading cyber incidents and complex intrusions (SOC/IR/major incident command) in global enterprise environments.
• Mastery of incident lifecycle execution (SANS six steps), evidence handling, and cross‑functional coordination.
• Strong grasp of SIEM/EDR (e.g., Microsoft Sentinel, Defender, Splunk) and cloud incident patterns (Azure/AWS).
• Clear, executive‑level communication—translating technical impact into business risk and decisions.

Nice‑to‑have certifications

• GCIH, GCFA/GCFR, GCTI, CISSP, CCSP, CISM; UK CREST credentials welcome but not essential.

Why Join Us?

• Work with cutting-edge security tools and technologies in a dynamic, innovative environment.
• Play a meaningful role in shaping and strengthening the security posture of a global enterprise.
• Competitive salary, benefits, and continuous professional development opportunities.
• A collaborative culture that values integrity, innovation, and work-life balance.

Job Req Type: Experienced

Required Travel: Yes, 10% of the time

Shift Type: 1st Shift/Days