Incident Response Analyst in Glasgow

Scottish Power HQ, Glasgow

Flexible & Hybrid working pattern

Negotiable rate, Inside IR35, PAYE and UMB options available

Help us create a better future, quicker. SP Energy Networks (SPEN) has kicked off an ambitious security transformation programme to transparently reduce risk, achieve compliance with NIS regulations and deliver a cyber resilient business. The Incident Response Analyst is essential in achieving our goals. This role will be integrated into an active and ambitious global cyber security function, contributing to SPEN's cyber security purpose of delivering cyber resilient OT and IT, to enable a safe and reliable electricity supply to customers.

What you'll be doing:

• You will play a central role in strengthening SPEN's incident response capability by developing, maintaining, and continuously improving cyber security playbooks, procedures, and associated documentation.
• You'll work closely with incident responders, detection engineers, and wider cyber teams to ensure processes are clear, repeatable, and aligned with best practice.
• You'll support the full incident lifecycle - from preparation through to post incident review - ensuring lessons learned are captured, documented, and fed into future improvements.
• As part of this, you will contribute to the maturity of SPEN's cyber response framework, ensuring playbooks are operationally effective, compliant with NIS regulations, and tailored to our evolving OT and IT environments.
• You will also be responsible for developing and delivering an incident response exercise plan covering a range of scenarios designed to test team readiness, validate playbooks, and ensure operational effectiveness.
• These exercises may include tabletop scenarios, technical simulations, cross team coordination drills, and lessons learned reviews that contribute directly to capability uplift.
• Building strong working relationships across the business will be key. You'll engage with operational, engineering, legal, risk, communications, and technology stakeholders to understand their requirements, coordinate incident response activities when required, and ensure that documentation and processes reflect real world operational needs.
• You will also have the opportunity to help shape the wider strategy of the Incident Response function - identifying capability gaps, contributing to team roadmaps, supporting cross industry collaboration, and driving continual service improvement within SPEN's cyber resilience programme.

What you'll bring:

• Experience developing, maintaining, or executing incident response playbooks, runbooks, or procedures within a cyber security environment.
• Strong documentation skills - with the ability to translate complex technical activities into clear, structured, and usable operational guidance.
• Ability to plan, deliver, and evaluate incident response exercises - such as tabletop scenarios, simulation based drills, or cross team coordination activities - with a focus on validating playbooks and improving operational readiness.
• Demonstrable experience building effective relationships with technical and non-technical stakeholders, with the ability to collaborate, influence, and communicate clearly during both day to day operations and during security incidents.
• A good understanding of the incident response lifecycle, common attack techniques (MITRE ATT&CK), and how incident response processes integrate with threat detection, monitoring, and wider security operations.