At a Glance
- Tasks: Lead cyber incident response, threat hunting, and detection engineering in a retail-focused environment.
- Company: Join an international consultancy firm specialising in Cyber Security.
- Benefits: Competitive salary, bonus, hybrid work, and great benefits.
- Why this job: Make a real impact in cyber security while leading a dynamic team.
- Qualifications: Experience in SOC, Incident Response, or Threat Hunting; familiarity with InsightIDR.
- Other info: Opportunity for career growth and to enhance your skills in a supportive environment.
The predicted salary is between £70,000 and £80,000 per year.
This CIRT L3 Lead role is a hands‑on leadership position responsible for end‑to‑end cyber incident response, proactive threat hunting, and detection engineering in Rapid7 InsightIDR for a retail‑focused environment.
You will coordinate cross‑functional technical teams during major incidents, drive containment and recovery, and own post‑incident reviews and playbooks. The role includes mentoring CIRT analysts, enhancing SIEM/SOAR automation, and continuously improving processes using frameworks such as MITRE ATT&CK, NIST 800‑61, and PCI DSS.
What this job is really about:
- Owning cyber incident response end‑to‑end: from first alert, through containment and eradication, to lessons learned and better playbooks.
- Turning threat hunting into a core capability: hypothesis‑driven, adversary‑based hunts that actually find things, not just tick a process box.
- Making Rapid7 InsightIDR work hard: building and tuning detection rules and UBA use cases so you see retail‑relevant threats early and clearly.
- Being the person who connects the dots between frameworks like MITRE ATT&CK, NIST 800‑61, PCI DSS and what actually happens on the ground.
Who this will suit:
- You’ve worked in SOC, Incident Response, or Threat Hunting and are comfortable leading complex investigations, not just following a runbook.
- You’ve used InsightIDR or another MDR/SIEM platform for rule creation, tuning and dashboards, and you’re not afraid of SOAR tools like InsightConnect or Cortex XSOAR.
- Python or PowerShell is part of your toolkit, and retail networks, POS systems, and cloud infrastructure don't intimidate you.
- You can manage, coach, and challenge a CIRT team, handle stakeholders in the middle of a live incident, and still think strategically about where the function needs to go.
Nice to have (but not deal‑breakers):
- Certifications such as GCIH, GCFA, CISSP, or Rapid7 InsightIDR Specialist.
- A track record of improving processes, not just operating them – plus the communication skills to bring people with you.
About the job:
- Contract Type: Permanent
- Focus: Information Security
- Workplace Type: Hybrid
- Experience Level: Mid Management
- Location: West Yorkshire
- Specialism: Technology & Digital
- Industry: IT
- Salary: £70,000 - £80,000 per annum + bonus and benefits
Cyber Incident Response Tech (CIRT) Lead employer: Robert Walters UK
Contact Detail:
Robert Walters UK Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Cyber Incident Response Tech (CIRT) Lead
✨Tip Number 1
Network like a pro! Get out there and connect with folks in the cyber security scene. Attend meetups, webinars, or even local events. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to incident response or threat hunting. This gives potential employers a taste of what you can do beyond just a CV.
✨Tip Number 3
Prepare for interviews by practising common questions and scenarios specific to CIRT roles. Think about how you'd handle real-life incidents and be ready to discuss your thought process. We want to see your problem-solving skills in action!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, we love seeing candidates who are proactive and engaged with our platform.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cyber Incident Response Tech Lead role. Highlight your experience in SOC, incident response, and threat hunting, and don’t forget to mention any relevant tools like Rapid7 InsightIDR.
Craft a Compelling Cover Letter: Your cover letter should tell us why you’re the perfect fit for this role. Share specific examples of how you've led complex investigations or improved processes in your previous roles. Make it personal!
Show Off Your Skills: Don’t shy away from showcasing your technical skills! Mention your experience with Python, PowerShell, and any SIEM/SOAR tools you’ve used. We want to see how you can make Rapid7 InsightIDR work hard for us.
Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It’s the best way for us to keep track of your application and ensure it gets the attention it deserves!
How to prepare for a job interview at Robert Walters UK
✨Know Your Tools Inside Out
Make sure you’re well-versed in Rapid7 InsightIDR and any other SIEM/SOAR tools mentioned in the job description. Be ready to discuss your experience with detection rules, tuning, and how you've used these tools in past incidents.
✨Showcase Your Leadership Skills
As a CIRT Lead, you'll be expected to mentor and manage a team. Prepare examples of how you've led teams during complex investigations or incidents, and how you’ve improved processes in your previous roles.
✨Understand the Frameworks
Familiarise yourself with MITRE ATT&CK, NIST 800-61, and PCI DSS. Be prepared to explain how you’ve applied these frameworks in real-world scenarios, especially in relation to retail environments.
✨Prepare for Scenario-Based Questions
Expect questions that test your problem-solving skills in live incident situations. Think through potential scenarios you might face as a CIRT Lead and how you would handle them, focusing on containment, recovery, and post-incident reviews.