Principal Consultant - Incident Response in London

Salary: Up to £85,000 + £4,700 cash benefits

Location: London, Cardiff, Manchester, Birmingham or Edinburgh

Working pattern: Hybrid - 2-3 days per week in the office

About the Role

Our client is seeking an experienced Principal Consultant to join their Incident Response practice. This is a senior, client-facing role within a highly regarded cyber security team, delivering both emergency response services and proactive incident readiness engagements. When not leading live cyber incidents, you will work closely with organisations to strengthen their preparedness. This includes reviewing and developing incident response plans, facilitating tabletop exercises, running simulated attack scenarios, and advising on preventative engineering and operational readiness. The focus is on ensuring clients are not only able to respond effectively in a crisis, but are proactively building resilience into their environments. This role offers the opportunity to work on complex and high-profile cyber incidents, while also shaping how organisations think about planning, governance and technical response capability.

The Role

• Lead and deliver technical incident response engagements, helping clients respond, remediate and recover from cyber security incidents.
• Conduct high-quality forensic and technical analysis to determine root cause, scope and impact of security breaches.
• Produce clear, well-structured outputs ranging from executive briefings to detailed technical investigation reports.
• Act as the technical lead on small to medium-sized incidents, overseeing team members and ensuring technical excellence throughout delivery.
• Support detection engineering and SecOps enhancement initiatives, including identifying coverage gaps in EDR/SIEM tooling and contributing to orchestration and automation playbooks.
• Work directly with client technical teams, acting as a trusted advisor and primary point of contact during engagements.
• Scope and design both emergency response and preparatory readiness engagements.

In addition to reactive incident work, you will:

• Assess and improve clients' incident response plans and protocols.
• Facilitate tabletop exercises and simulated attack scenarios to test organisational readiness.
• Deliver incident preparedness services, including playbook development, runbook design and capability gap analysis.
• Provide threat briefings and strategic guidance to help organisations strengthen their preventative and detection capabilities.
• Mentor and develop junior consultants within the practice.

About You

Our client is looking for an experienced incident responder with strong technical depth and the ability to engage confidently with stakeholders at all levels. You will have recent hands-on experience in at least two of the following areas:

• Digital forensics and technical incident response
• Enterprise security operations tooling and processes
• Detection engineering within EDR/SIEM environments, including addressing ATT&CK TTP coverage gaps
• Enterprise IT networks and Active Directory
• Cloud platforms such as Microsoft 365, Azure, AWS or GCP

You will also demonstrate:

• A strong understanding of threat actors and the techniques used to compromise organisations.
• The ability to analyse complex technical problems and communicate findings clearly to both technical and non-technical audiences.
• Experience leading investigations and managing client-facing engagements.
• Familiarity with incident readiness and preparedness services, including tabletop exercises, playbook development and response planning.
• The ability to build strong working relationships with clients and internal stakeholders.
• A commitment to mentoring and developing others within the team.

This is an excellent opportunity for an experienced incident response professional who enjoys both the intensity of live incident work and the strategic value of helping organisations strengthen their cyber resilience before an attack occurs. Apply now for immediate review!