Incident Response Lead
Position Description
If you're ahead of the game on systems risk and cyber security, we can secure your career ambitions. At CGI, our Security Experts are trusted to work closely with a wide range of clients on exciting projects with real-world purpose and impact. CGI was recognised in the Sunday Times Best Places to Work List 2025 and has been named a UK 'Best Employer' by the Financial Times. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a CGI Partner not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and you'll be part of an open, friendly community of experts. We'll train and support you in taking your career wherever you want it to go.
This is a hybrid position.
Your future duties and responsibilities
As the Incident Response Lead you will be part of the CGI Global Security Operations Center (GSOC) team which provides security monitoring, detection and response services in CGI.
You can lead and conduct highly technical incident response engagements, setting the incident response plan, and working with and leading colleagues where required in the correct application of incident response processes within CGI.
In addition you will be a highly effective communicator and can communicate at all levels within the business. This role requires a thorough understanding of cyber security and in-depth knowledge and experience around cyber incident response, threat actor techniques, tactics and procedures (TTPs), computer networking fundamentals, modern threats and vulnerabilities, and forensics methodologies and tools.
• Provide technical leadership and conduct incident response engagements to ensure timely response, investigation and remediation execution across cloud, on premise and remote devices
• Help to develop incident response within the Global SOC, paying particular attention to best practices and advances in technology or cyber security
• Perform Advanced Digital Forensics Analysis, Host based or Network analysis as required during an investigation
• Act as the senior subject matter expert where required during security incidents
• Provide ideas and feedback to improve the overall SOC capabilities or maturity (focus on people and processes)
• Work closely with other teams to provide mitigation recommendations and lessons learned to reduce the overall security risk within the organisation
• Perform basic reverse engineering on malware using dynamic and static analysis
• Be part of an on-call roster providing 24/7 incident response functions
• Act as a mentor to junior analysts in GSOC
Required qualifications to be successful in this role
You should have expertise and demonstrate experience in working in a similar cybersecurity role or associated discipline.
• Previous experience leading incident response engagements
• Strong understanding of Incident Response methodologies and tools
• Strong understanding of networking fundamentals
• Strong understanding of Windows/Linux/Unix operating systems
• Strong understanding of operating system and software vulnerabilities and exploitation techniques
• SIEM Experience (e.g. Arcsight, Splunk, Logpoint, ELK)
• EDR Experience (e.g. CrowdStrike Falcon, SentinelOne, Microsoft Defender, Cortex)
• Network analysis experience with NDR technologies
• Malware Analysis (Static Analysis or Dynamic Analysis of captured file, Reverse Engineering)
• Experience of utilizing threat intelligence sources
• User investigations, Behavioural Analysis technology and/or processes
• Experience with Insider Threat Investigations
Together, as owners, let's turn meaningful insights into action.
Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because...
You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction.
Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise.
You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons.
Come join our team, one of the largest IT and business consulting services firms in the world.
- Location: UK Wide
- Job Type: Full Time
- Category: Information Technology And Services