Cyber Digital Forensics & Incident Response Manager – Inverness

This is a Hybrid Role Onsite 2-3 Days Per Week. Work location either Manchester or Inverness.

An excellent opportunity has arisen within our Team for a Digital Forensics & Incident Response (DFIR) Manager. DFIR (Digital Forensics and Incident Response) is a specialist cyber security capability responsible for delivering rapid, high-impact incident response and investigation during significant cyber events, such as Malware or Ransomware attacks or Cyber security breaches.

The Digital Forensics and Incident Response Manager is a leadership position within Capgemini’s Cyber Defence Centre’s (CDC’s) team. This role will oversee the DFIR Service, taking responsibility for all aspects of service delivery. The successful candidate will be one of the foremost technical experts for all aspects of cyber incident response, ensuring that the team are suitably trained and that cyber incidents are handled in accordance with the requirements of our clients.

You will manage a team of DFIR analysts and be responsible for the management of the services provided to our clients, ensuring they cover the key contractual deliverables/requirements and that clients are satisfied with the quality and performance of the services.

You will need to demonstrate experience of developing, managing and mentoring a Team and ensuring that appropriate resources are in place to deliver a first-class service, delivering against SLAs and KPIs. You will also need excellent Stakeholder management skills including the ability to translate complex technical threats and vulnerabilities into executive-friendly insights that articulate potential business risks and recommended actions.

Who You’ll Work With

You’ll lead a close-knit team of DFIR analysts within a 24×7 on-call model, Cyber Threat Intelligence (CTI) analysts and collaborate with DFIR, CDC, and client teams. You’ll be surrounded by professionals who are passionate about cybersecurity and committed.

Your role

• Lead and coordinate end-to-end cyber incident response activities, ensuring effective containment, eradication, and recovery during high-severity incidents.
• Oversee and perform digital forensic investigations, including evidence collection, preservation, and analysis across endpoint and cloud-based environments.
• Own the delivery of incident reporting and executive briefings, translating technical findings into business risk and actionable recommendations.
• Establish and maintain DFIR processes, playbooks, and runbooks, ensuring alignment with recognised standards such as NCSC CIR.
• Lead, mentor, and manage a team of DFIR analysts, ensuring operational readiness, on-call coverage, and delivery against SLAs and KPIs.

You can bring your whole self to work. At Capgemini, building an inclusive future is part of everyday life and will be part of your working reality. We have built a representative and welcoming environment for everyone.

Your skills and experience

• Experienced in managing a distributed team of DFIR specialists and related technical teams.
• Strong experience leading cyber incident response, managing high-severity incidents and coordinating technical and stakeholder response.
• Hands-on expertise in digital forensics, including evidence collection and analysis across endpoint and cloud environments (e.g. AWS, Azure).
• Ability to deliver clear incident reports and executive briefings, translating technical findings into business impact and actions.
• Experience developing and improving DFIR processes and playbooks, aligned to recognised frameworks such as NCSC CIR.
• Relevant industry certifications such as CREST (CPIA/CRIA) or SANS (GCIA, GCIH, GCFA).

Capgemini is proud to be a Disability Confident Employer (Level 2) under the UK Government’s Disability Confident scheme. As part of our commitment to inclusive recruitment, we will offer an interview to all candidates who declare they have a disability and meet the minimum essential criteria for the role.

Your security clearance and pre-employment checks

If you are successfully offered this position, you will go through a series of pre-employment checks, including identity, nationality (single or dual) or immigration status, employment history going back 3 continuous years, and unspent criminal record check (known as Disclosure and Barring Service). Some roles will also require an additional level of security clearance: Security Check (SC) Clearance.

Make it real – what does it mean for you?

Flexibility to work your way

You will be encouraged to have a positive work-life balance. Our hybrid-first way of working means we embed hybrid working in all that we do and make flexible working arrangements the day-to-day reality for our people. All UK employees are eligible to request flexible working arrangements.

Your wellbeing

You’d be joining an accredited Great Place to work for Wellbeing in 2024. Employee wellbeing is vitally important to us as an organisation. We see a healthy and happy workforce as a critical component for us to achieve our organisational ambitions.

Shape your path

You will be empowered to explore, innovate, and progress. You will benefit from Capgemini’s ‘learning for life’ mindset, meaning you will have countless training and development opportunities from think tanks to hackathons, and access to 250,000 courses with numerous external certifications from AWS, Microsoft, Harvard ManageMentor, Cybersecurity qualifications and much more.

Shared energy

You’ll be bringing your unique skills and perspectives to the team, inspiring and taking inspiration from your teammates as you unlock value in everything you do. You’ll be joining a professional community of experts, who have got your back and will support you every step of the way.