CERT Incident Responder in Bolton

The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness while advancing the organisation's Adversarial Exposure Validation (AEV) activities, including Red and Purple Team efforts. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs).

Salary: £50,000 – £60,000 depending on experience.

Dynamic (hybrid) working: Minimum 2 days per week on-site due to workload classification.

Security Clearance: British Citizen or a Dual UK national with British citizenship. Restrictions and/or limitations relating to nationality and/or rights to work may apply. As a minimum and after offer stage, all successful candidates will need to undergo HMG Basic Personnel Security Standard checks (BPSS), which are managed by the MBDA Personnel Security Team.

What we can offer you:

• Company bonus: Up to £2,500 (based on company performance and will vary year to year)
• Pension: maximum total (employer and employee) contribution of up to 14%
• Overtime: opportunity for paid overtime
• Flexi Leave: Up to 15 additional days
• Flexible working: We welcome applicants who are looking for flexible working arrangements
• Enhanced parental leave: offers up to 26 weeks for maternity, adoption and shared parental leave - enhancements are available for paternity leave, neonatal leave and fertility testing and treatments
• Facilities: Fantastic site facilities including subsidised meals, free car parking and much more...
• Healthcare Cash Plan: The Healthcare Cash Plan benefit provides the option to claim cash back on everyday healthcare expenses such as optical, dental, health and wellbeing and more.

The opportunity:

The CERT Incident Responder is responsible for leading digital forensics and incident response (DFIR) readiness while advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion for Incident response and Threat mitigation.

Essentials:

• Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery of forensic objectives.
• Maintain and enhance forensic tools and environments (e.g., Magnet Axiom, Autopsy) to ensure operational capability.
• Conduct detailed forensic analysis, malware reverse engineering, and cyber investigation of complex incidents.
• Ensure effective chain of custody, artefact preservation, and evidence handling processes.
• Maintain accurate digital forensics documentation, incident playbooks, and readiness rehearsal materials.
• Lead and execute tabletop exercises (TTEx) to test and improve incident response and forensic readiness.
• Perform network and endpoint investigations, including AV scans, incident remediation, and validation of security alerts.
• Collaborate with IM/DEx and Security Operations to enhance incident reporting, alerting, and notification services.
• Deputise for CERT responders during major incidents or third-party attacks, coordinating with national and international partners (e.g., NCPC).
• Develop and maintain enterprise security documentation, including policies, standards, baselines, and playbooks.

Desirables:

• Identify root causes of security incidents and recommend sustainable mitigation strategies.
• Manage remediation and closure of security cases, ensuring timely implementation of corrective actions.
• Develop and maintain threat scenarios to validate detection and response across SOC, EDR, SIEM, and XDR platforms.
• Translate threat intelligence into testable hypotheses and simulation exercises in collaboration with Threat Intelligence teams.
• Utilise adversarial emulation tools (Caldera, Atomic Red Team, AttackIQ, SCYTHE, Cobalt Strike, etc.) to replicate realistic attacker behaviours.
• Research and integrate emerging threats and TTPs into adversary emulation and validation methodologies.
• Produce detailed reporting and metrics on detection coverage, response performance, and control effectiveness.
• Support the wider IM/DEx team by validating new or updated controls against advanced threat simulations.
• Support SOC operations with investigation, alert triage, and implementation of lessons learned from adversarial validation and DFIR activities.
• Research and evaluate emerging security tools, technologies, and methodologies; provide gap analysis and recommendations to influence investment.
• Deliver metrics, dashboards, and reports demonstrating adversarial resilience and capability maturity.
• Contribute to small-to-medium cyber projects enhancing threat detection, emulation, and response maturity.

What we're looking for from you:

Demonstratable experience handling incidents, such as:

• Ransomware containment + remediation
• Business email compromise investigations
• Cloud account takeover
• Insider threat events
• Large-scale phishing attacks
• Leading incident response calls, advising leadership, and writing executive summaries

MBDA is a leading defence organisation. We are proud of the role we play in supporting the Armed Forces who protect our nations. We partner with governments to work together towards a common goal, defending our freedom. We are proud of our employee-led networks, examples include: Gender Equality, Pride, Menopause Matters, Parents and Carers, Armed Forces, Ethnic Diversity, Neurodiversity, Disability and more... We recognise that everyone is unique, and we encourage you to speak to us should you require any advice, support or adjustments throughout our recruitment process.