Cyber Incident Response Lead

Oxford | Full-Time | £48,235 - £62,407 / year (est.) | No home office possible

At a Glance

  • Tasks: Lead cyber incident response, manage threats, and develop a skilled team.
  • Company: Join the University of Oxford, a world-leading institution blending tradition with innovation.
  • Benefits: Enjoy 38 days of leave, flexible working, and a vibrant community.
  • Why this job: Make a real impact on cybersecurity while contributing to groundbreaking research.
  • Qualifications: Proven experience in cyber incident response and strong technical knowledge required.
  • Other info: Visa sponsorship available; security screening is part of the hiring process.

The predicted salary is between £48,235 and £62,407 per year.

Are you an experienced and capable Cyber Incident Response Lead? Oxford University's Information Security Operations team (OxCERT) is seeking someone like you to manage and coordinate our cyber response. The role is crucial in protecting the collegiate university's digital infrastructure and data, supporting its research, innovation, and teaching, and their administration.

Location: Central Oxford / Hybrid

Salary: £48,235 - £62,407 per annum

Contract: Full Time, Permanent

About Us

The University of Oxford has been ranked the world's leading university for nine consecutive years. A place where centuries of tradition meet world-changing innovation, we offer you the chance to shape the future while working in an inspiring environment that promotes excellence. Here, you'll contribute to ground-breaking research that tackles global challenges - from advancing sustainability to pioneering healthcare solutions - and join a diverse, inclusive community that champions your wellbeing, development, and aspirations.

The Information Security Operations team is part of the university's Information Security (InfoSec) department, which is headed by the Chief Information Security Officer (CISO). InfoSec is responsible for safeguarding the university's digital assets while enabling its strategic objectives. Within this structure, the Operations team focuses on the Protect, Detect, and Respond functions of the NIST Cybersecurity Framework.

What We Offer

  • 38 days of annual leave (inclusive of public holidays) to support your wellbeing, with the option to purchase up to 10 extra days and additional leave after long service.
  • One of the most generous family leave schemes in UK higher education, offering up to 26 weeks of full-pay maternity and adoption leave, plus 12 weeks of full-pay paternity/partner leave.
  • A commitment to hybrid and flexible working to suit your lifestyle.
  • An excellent contributory pension scheme.
  • Affordable and sustainable commuting options, including a cycle loan scheme, discounted bus travel, and season ticket loans.
  • Access to a vibrant community through our social, cultural, and sports clubs.

About the Role

As Cyber Incident Response Lead, you will oversee the full lifecycle of cybersecurity incidents - from detection and containment to recovery and post-incident analysis. You'll act as the primary escalation point for high-impact threats and collaborate closely with the wider InfoSec team to enhance detection capabilities, deploy new tools, and improve automated response mechanisms.

You’ll lead and develop a team of Cyber Security Analysts, guiding their professional growth and performance. Your role will also involve contributing to IT policy development and designing secure systems, while continuously identifying opportunities to strengthen the university's security posture.

In addition, you'll manage threat detection and analysis activities, including monitoring SIEM, IDS/IPS, and endpoint protection systems. You'll lead threat hunting and forensic investigations, maintain and refine incident response plans and playbooks, and drive ongoing improvements through lessons learned and regular simulation exercises.

About You

  • Proven experience in cyber incident response
  • Strong technical knowledge of SIEM, EDR, IDS/IPS, and networking
  • Excellent communication and leadership skills

This role meets the criteria for sponsorship under the Skilled Worker visa. The University will meet the cost of the Skilled Worker visa and NHS surcharge for applicants that require a visa. Please let us know in your application if you require sponsorship.

Acceptance into this role is subject to security pre-employment University Enhanced Level Screening including a satisfactory DBS BASIC check.

Application Process

To apply, please upload:

  • A covering letter/supporting statement that addresses each of the selection criteria with an example of a situation, what you thought, what you did and how your action achieved or improved the desired outcome
  • Your CV
  • The details of two referees

The closing date for applications is 12 noon on 14th July. Interviews will take place in late July and will be in person in Oxford.

Contact Person: John Chapman

Contact Email: john.chapman@admin.ox.ac.uk

Cyber Incident Response Lead employer: University of Oxford

The University of Oxford is an exceptional employer, offering a unique opportunity to work in a prestigious institution renowned for its commitment to research and innovation. With generous benefits such as 38 days of annual leave, a strong family leave scheme, and a focus on employee wellbeing and professional development, you will thrive in a supportive and inclusive environment. Located in the heart of Oxford, you will be part of a vibrant community that values collaboration and excellence, making a meaningful impact on global challenges through your role as Cyber Incident Response Lead.

Contact Detail:

University of Oxford Recruiting Team

john.chapman@admin.ox.ac.uk

StudySmarter Expert Advice 🤫

We think this is how you could land Cyber Incident Response Lead

✨Tip Number 1

Familiarise yourself with the NIST Cybersecurity Framework, especially the Protect, Detect, and Respond functions. This knowledge will not only help you understand the role better but also allow you to speak confidently about how you can contribute to the team.

✨Tip Number 2

Network with professionals in the cybersecurity field, particularly those who have experience in incident response. Engaging with others can provide insights into the role and may even lead to referrals or recommendations.

✨Tip Number 3

Stay updated on the latest trends and threats in cybersecurity. Being knowledgeable about current events and emerging technologies will demonstrate your commitment to the field and your proactive approach to security.

✨Tip Number 4

Prepare for potential interview questions by practising your responses to scenarios involving incident response. Think of specific examples from your past experiences that showcase your problem-solving skills and leadership abilities.

We think you need these skills to ace Cyber Incident Response Lead

Cyber Incident Response Management
Technical Knowledge of SIEM
Experience with EDR Systems
Understanding of IDS/IPS
Networking Skills
Threat Detection and Analysis
Incident Response Planning
Forensic Investigation Techniques
Leadership and Team Development
Communication Skills
Policy Development
Automated Response Mechanisms
Simulation Exercise Facilitation
Continuous Improvement Mindset

Some tips for your application 🫡

Tailor Your Covering Letter: Make sure your covering letter directly addresses the selection criteria mentioned in the job description. Use specific examples from your experience that demonstrate your skills in cyber incident response, technical knowledge, and leadership abilities.

Highlight Relevant Experience: In your CV, emphasise your proven experience in cyber incident response. Include details about your familiarity with SIEM, EDR, IDS/IPS, and networking, as well as any leadership roles you've held in previous positions.

Use the STAR Method: When providing examples in your covering letter, use the STAR method (Situation, Task, Action, Result) to clearly outline your thought process and the impact of your actions. This will help the hiring team understand how you approach challenges.

Proofread Your Application: Before submitting your application, carefully proofread both your covering letter and CV for any spelling or grammatical errors. A polished application reflects your attention to detail and professionalism.

How to prepare for a job interview at University of Oxford

✨Understand the Role

Make sure you thoroughly understand the responsibilities of a Cyber Incident Response Lead. Familiarise yourself with the NIST Cybersecurity Framework and be prepared to discuss how your experience aligns with the Protect, Detect, and Respond functions.

✨Showcase Your Technical Skills

Be ready to demonstrate your technical knowledge of SIEM, EDR, IDS/IPS, and networking. Prepare specific examples of how you've used these tools in past roles to manage cybersecurity incidents effectively.

✨Prepare for Scenario-Based Questions

Expect scenario-based questions that assess your problem-solving skills in high-pressure situations. Think of past incidents you've managed and be ready to explain your thought process, actions taken, and the outcomes.

✨Highlight Leadership Experience

As you'll be leading a team of Cyber Security Analysts, emphasise your leadership skills. Share examples of how you've guided teams, fostered professional growth, and improved performance in previous roles.
