
Cyber Incident Lead

United Kingdom, London · Job Posted June 15, 2026

Job Description

As the nation’s flag carrier, we take great pride in connecting Britain with the world and the world with Britain. It’s something we’ve been doing for over 100 years, ever since we launched the world’s first international scheduled air service between London and Paris. This originality has been in our blood since day one. It’s the spirit we share with the people that fly with us, our partners, and our colleagues. So, whether you are a reassuring voice on the end of a phone, a smile at the door, under a wing keeping the turbines spinning or landing us gently in far-flung places, a job at British Airways is yours to make.

We know great things can happen when you’re inspired to think big and bring your ambition to work every day, which is why, at British Airways the sky is never the limit.

The role: Cyber Incident Lead. You’ll be part of the Cyber Incident Management function, a critical capability ensuring British Airways can effectively identify, respond to and recover from cyber incidents across the organisation.

Job Responsibility

  • Lead and manage cyber incidents across the BA estate as part of a 24/7 on-call response function
  • Develop, maintain and continuously improve cyber incident response processes
  • Coordinate technical and business stakeholders during incidents
  • Communicate complex technical issues clearly to stakeholders at all levels
  • Perform risk assessments with incomplete or ambiguous information
  • Support the development of in-house digital forensics capability
  • Feed incident learnings into threat intelligence and cyber control tuning
  • Liaise with other operating companies to share indicators of compromise and lessons learnt
  • Manage and continuously improve supplier relationships supporting incident response

Requirements

  • Strong hands-on experience responding to and managing cyber incidents
  • Ability to remain calm, structured and decisive under pressure
  • Strong analytical and problem-solving skills
  • Clear communication skills for technical and non-technical audiences
  • Pragmatic, methodical and outcome-focused approach
  • Collaborative mindset with strong influencing capability
  • Experience in cyber incident response within a large or complex organisation
  • Understanding of incident response methodologies

Nice to have

  • Experience working with threat frameworks is desirable
  • Experience in digital forensics is advantageous
  • Experience in aviation, transport or critical infrastructure is beneficial

What we offer

  • Brilliant staff travel benefits including unlimited basic and premium standby tickets on British Airways flights
  • Up to 30 discounted ‘Hotline’ airfares per year for yourself, friends, and family
  • Market-leading defined contribution (DC) pension
  • Flexible benefits including critical illness cover, childcare vouchers, cycle to work, additional life insurance cover, private medical insurance, dental plan, and healthcare cash plan
  • Electric car scheme
  • Gymflex
  • Heathrow Express 75% discount


Similar Jobs for Cyber Incident Lead

8 matching positions

Lead Cyber Incident Responder

Location: Australia, Canberra
Salary: Not provided
Randstad (https://www.randstad.com)
Expiration Date: June 17, 2026
Requirements
  • Minimum of 3 years of hands-on technical experience in a cyber security incident responder role, and strong technical expertise using Microsoft security tools
  • Australian Citizenship required
  • NV1 security clearance required
Job Responsibility
  • Investigate and respond to potential and actual cyber security incidents end-to-end across the cyber security incident response lifecycle
  • Use provided tools and technologies to perform cyber security incident response
  • Drive cyber security incident communications, ensuring all parties are aware of incidents and their role in the process
  • Develop and maintain records and documentation related to cyber security incidents
  • Communicate and document technical findings and recommendations to technical and non-technical stakeholders through formal reporting, briefs, emails, and verbal advice
  • Facilitate recovery including post incident review, following resolution of cyber security incidents
What we offer
  • $220k

Business Command Center Major and Cyber Incident Region Lead (SVP)

The Business Command Center (BCC) is a critical function supporting Citi's Servi...
Location: Ireland, Dublin
Salary: 119760.00 - 179640.00 EUR / Year
Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • Proven Leadership Experience: Extensive experience in the financial services industry, with a focus on cash management, transactional banking, and trade operations
  • Stakeholder Management and Senior Leadership: Demonstrated expertise in managing executive-level communications and fostering alignment among diverse stakeholder groups and senior leadership
  • Global Collaboration Experience: Demonstrated experience working with global, multi-region initiatives, projects, and teams, including large matrix organizations
  • Influence and Collaboration: Ability to influence partners and drive cross-functional work to achieve optimal solutions to complex problems
  • Detail-Oriented and Results-Driven: Exceptional attention to detail, comprehensiveness of content, and ability to manage multiple assignments to completion under tight deadlines
  • Incident/Crisis Management Expertise: Deep understanding of incident and crisis management principles, including ownership, classification, initial support, escalation/notification, business impact analysis, and resolution tracking
  • Rapid Remediation & Escalation: Drive rapid engagement of key remediation resources and subject matter experts across functional groups to proactively avoid or minimize client-visible service disruptions. Ensure timely and effective escalation to key decision-makers and senior management
  • Severity Assessment & Communication: Establish and enforce consistent severity assessment across all regions and lines of business throughout the incident lifecycle, leveraging client impact and franchise risk criteria. Oversee the timely publication of content-rich incident status updates tailored for client-facing Service teams and regulatory-facing Product Management teams
  • Strategic Incident Preparedness: Coordinate proactive virtual war rooms for significant planned releases or anticipated market events to ensure preparedness and swift response
  • Enhanced Escalation Frameworks: Develop, implement, and manage enhanced client escalation models for key platinum clients, as well as robust internal escalation models for critical internal flows, such as Genesis Liquidity reporting
What we offer
  • competitive base salary (which is annually reviewed)
  • hybrid working model (up to 2 days working at home per week)
  • additional benefits that support you (and your family) to be well, live well and save well
Employment type: Full-time

Business Command Center Major-Cyber Incident Region Lead - Senior Vice President

The SVP C14, BCC Group Manager, serves as the APAC regional lead for Services Ma...
Location: Singapore, Singapore
Salary: Not provided
Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 10+ years of relevant experience in incident management, cyber response, or a related field
  • Demonstrated experience in senior stakeholder management, including effective negotiation and influencing at executive levels
  • Proven track record in project management with demonstrable results in improving IT services and operational resilience
  • Exceptional leadership capabilities with a focus on team development and performance management
  • Superior written and verbal communication skills, consistently demonstrating clarity, conciseness, and the ability to tailor communication appropriately for diverse technical and non-technical audiences
  • Strong ability to plan, organize, and prioritize workload effectively in a fast-paced, high-pressure environment
  • Bachelor's/University degree required
Job Responsibility
  • Lead and coordinate major incident management and cyber response across all Services Lines of Business globally occurring during APAC time zone, operating within a 24x7x365 framework
  • Drive rapid engagement of key remediation resources and subject matter experts across functional groups to proactively avoid or minimize client-visible service disruptions
  • Establish and enforce consistent severity assessment across all regions and lines of business throughout the incident lifecycle
  • Oversee the timely publication of content-rich incident status updates tailored for client-facing Service teams and regulatory-facing Product Management teams
  • Coordinate proactive virtual war rooms for significant planned releases or anticipated market events to ensure preparedness and swift response
  • Develop, implement, and manage enhanced client escalation models for key platinum clients
  • Coordinate and manage cyber event response and communication for all SMBF Lines of Business globally
  • Provide oversight for the early capture of all technology-caused Near Miss events across Services and Markets
  • Manage the performance and development of direct reports and subordinate teams
Employment type: Full-time

Cyber Security Incident Response Lead

The Microsoft Detection and Response Team (DART) are seeking a skilled and exper...
Location: United Kingdom, Multiple Locations
Salary: Not provided
Microsoft Corporation (https://www.microsoft.com/)
Expiration Date: Until further notice
Requirements
  • Doctorate in Computer Science, Computer Security, or related field
  • Master's Degree in Computer Science, Computer Security, or related field AND several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • Bachelor's Degree in Computer Science, Computer Security, or related field AND several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • equivalent experience
  • Experience in high pressure incident response environments
  • Lead and manage high-profile incident response efforts for some of the world’s largest businesses
  • Coordinate and lead all key stakeholders as the primary point of contact for major incidents
  • Identify gaps early in the engagement process and request appropriate resources to fill those gaps
  • Balance the need for rapid recovery with data collection and evidence preservation
  • Direct activities to secure Enterprise-scale environments and assess potential data exfiltration or data collection
Job Responsibility
  • Contextualizing and prioritizing findings to put together a comprehensive account and briefing of the events that transpired during a security incident
  • Pulling together multiple disparate events to build and communicate a cohesive timeline of activity
  • Collaborating with stakeholders at every level of the business, including legal, compliance, cybersecurity, engineering, and executive functions
  • Communicating key objectives and results with clarity and context
  • Managing all of the complexities of large-scale cybersecurity investigations for global multi-national organizations, serving as the primary point of contact
  • Leading research and analysis of security threats, and sharing findings across the team
  • Identifying, conducting, and supporting others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature
  • Analyzing complex issues using multiple data sources to develop insights and identify security problems and threats
  • Creating new solutions to mitigate security issues
  • Recommending prioritization and validation methods for technical indicators, developing tools to automate analyses
Employment type: Full-time

DFIR Lead Cyber Operations Analyst

Join us as a DFIR Lead Cyber Operations Analyst, at Barclays, we don't just adap...
Location: India, Pune
Salary: Not provided
Barclays (barclays.co.uk)
Expiration Date: Until further notice
Requirements
  • Forensic techniques applied to incident response: practical experience applying forensic techniques across common enterprise data sources (files, operating systems, network traffic, and applications) to support incident investigation and troubleshooting
  • Expert log and artefact analysis (multi‑source): ability to collect, examine, and analyse data from multiple sources (e.g., logs, artefacts, indicators of compromise) and perform pivoted analysis across aggregated logs and digital forensic data to define and contextualise incident scope
  • Advanced incident investigation and response capability: proven ability to analyse and respond to high‑priority security incidents, including timely escalation and driving incidents to closure
  • Technical depth across OS and networking: strong working knowledge of operating system fundamentals and security concepts, plus networking principles sufficient to interpret incident artefacts and investigative hypotheses
  • Coaching / guidance of junior analysts: capability to provide guidance and support to T1/T2 analysts on escalated events requiring subject matter expertise
Job Responsibility
  • Support the organisation to achieve its strategic objectives by the identification of business requirements and solutions that address business problems and opportunities
  • Management of security monitoring systems, including intrusive prevention and detection systems, to alert, detect and block potential cyber security incidents, and provide a prompt response to restore normal operations with minimised system damage
  • Identification of emerging cyber security threats, attack techniques and technologies to detect/prevent incidents, and collaborate with networks and conferences to gain industry knowledge and expertise
  • Management and analysis of security information and event management systems to collect, correlate and analyse security logs, events and alerts/potential threats
  • Triage of data loss prevention alerts to identify and prevent sensitive data from being exfiltrated from the bank's network
  • Management of cyber security incidents including remediation & driving to closure
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
Employment type: Full-time

Lead Cyber Cryptographic Engineer

Lead Cyber Cryptographic Engineer. As a Cyber Cryptographic Engineer at Capital ...
Location: United States, Riverwoods; Richmond; San Jose; Plano; New York; McLean
Salary: 179400.00 - 245600.00 USD / Year
Capital One (capitalone.com)
Expiration Date: Until further notice
Requirements
  • High School Diploma, GED or equivalent certification
  • At least 4 years of experience with AWS, Microsoft Azure, or Google Cloud Platform
  • At least 4 years of experience in security and cryptographic engineering
  • At least 4 years of experience in Agile team roles supporting security and cryptographic projects
  • At least 4 years of experience with PKI, Key Management, and certificate lifecycle processes
Job Responsibility
  • Build best-in-class Cloud Security and Cryptographic products
  • Build and run enterprise security platforms for critical data security services, with a focus on certificate and key lifecycle management, including advanced cryptographic techniques
  • Build automated solutions via AWS Lambda and serverless architecture, incorporating strong cryptographic implementations
  • Proactively identify architectural weaknesses, particularly cryptographic vulnerabilities, and provide appropriate solutions
  • Evangelize a security-centered and cryptography-first approach to drive adoption across a large enterprise
  • Innovate techniques for visualizing large amounts of complex, real-time security data, including cryptographic events, in a simple, elegant manner for users
  • Participate in or lead complex or high-severity troubleshooting and incident problem resolutions involving cryptographic issues with other infrastructure teams or vendors
  • Translate business needs into workable, cryptographically secure technology solutions that meet the needs of internal customers
  • Act as a project lead or participate as a team member on projects involving certificates, keys, and advanced cryptographic security measures
  • Participate in capacity planning, performance monitoring, and maintenance to ensure high availability and proactively identify opportunities for service improvement, especially in cryptographic systems
What we offer
  • performance based incentive compensation
  • cash bonus(es)
  • long term incentives (LTI)
  • health
  • financial and other benefits
Employment type: Full-time

SOC Lead - Cyber Security Operations

We are seeking an experienced SOC Lead to head Vodafone’s Security Operations Ce...
Location: India, Bangalore
Salary: Not provided
Vodafone (vodafone.com)
Expiration Date: Until further notice
Requirements
  • 8+ years in security operations, including at least 4+ years in a SOC leadership or senior incident response role
  • Proven leader of 24x7 SOC teams, with a strong track record of improving MTTT/MTTR, triage quality, and operational performance
  • Technical authority in incident response, capable of leading complex investigations and making sound decisions under pressure
  • Highly experienced with SIEM platforms such as Splunk, Microsoft Sentinel, Google SecOps, ArcSight, or QRadar, and familiar with EDR/NDR technologies
  • Skilled in driving SOC automation, SOAR, and AI-enabled capabilities, with a clear understanding of governance and responsible use
  • Knowledgeable across network, endpoint, and cloud security, with a strong grasp of attacker techniques and the MITRE ATT&CK framework
  • Analytical decision-maker who balances risk, speed, and business impact in ambiguous situations
  • Passionate about developing people and building sustainable SOC capability for the future
  • Educated to degree level in Cyber Security, Computer Science, Information Technology, or a related discipline (or equivalent practical experience)
  • Holder of relevant certifications such as GIAC, CISSP, or vendor-specific SOC certifications
Job Responsibility
  • Lead and manage 24x7 SOC operations, ensuring consistent, high-quality alert monitoring, triage, and incident response across all markets
  • Own and drive SOC service performance against key KPIs including MTTT, MTTR, triage quality, and SLA adherence, delivering measurable improvements in detection quality, response speed, and efficiency
  • Oversee the full alert lifecycle, ensuring accurate investigation, containment, escalation, and high-quality incident reporting
  • Continuously enhance detection capabilities by improving SIEM use cases, alert logic, and playbooks, reducing false positives and increasing coverage across priority threat scenarios
  • Drive the adoption of automation, SOAR, and AI-assisted capabilities to improve speed, consistency, and scalability, with appropriate governance and human oversight
  • Lead SOC transformation initiatives focused on reducing alert fatigue, streamlining workflows, and improving analyst productivity
  • Build, coach, and develop a high-performing SOC team through structured capability development, performance management, and knowledge sharing
  • Act as the final escalation point for complex or high-risk incidents, applying expert judgement to validate and close cases
  • Deliver clear, data-driven SOC performance and incident reporting to senior leadership
  • Foster a culture of continuous improvement through post-incident reviews, detection retrospectives, and operational learning
What we offer
  • The opportunity to lead a globally impactful SOC function within a recognised Cyber Defence Centre of Excellence
  • Exposure to large-scale, complex cyber defence operations across multiple international markets
  • The chance to shape and influence the future of SOC operations through automation and AI-driven transformation
  • A collaborative, inclusive environment that supports professional growth and continuous learning
  • The ability to work with advanced security technologies and experienced cyber defence professionals
Employment type: Full-time

Lead Cyber Security Engineer

BlueWater Federal is looking for a Lead Cyber Security Engineer to support the S...
Location: United States, Colorado Springs
Salary: Not provided
BlueWater Federal Solutions (bwfed.com)
Expiration Date: Until further notice
Requirements
  • Master’s or Bachelor’s degree in an IT- or cyber-related field
  • Minimum of 10 years of cyber-related experience
  • Must have an active Secret clearance
  • Security+ certification at a minimum, CISSP preferred
  • Experience with ACAS, ESS, and other compliance tools/techniques
  • Experience with Elastic, Splunk, or other log collection tools
  • Experience with eMASS
  • Robust understanding of Risk Management Framework (RMF) security controls
  • Experience investigating security incidents.
Job Responsibility
  • Plan, perform, analyze, and report on compliance with designated security controls using a test environment as well as Assured Compliance Assessment Solution (ACAS) scans
  • Implement vulnerability compliance actions to ensure the safety of SEWS data
  • Ensure all Information Security Continuous Monitoring (ISCM) tasks are completed on time
  • Monitor, assess, and report system security vulnerabilities, document corrective actions, and implement preventative actions to minimize the security vulnerabilities
  • Identify and analyze emergent cybersecurity technologies and systems engineering methods to improve the system’s cybersecurity posture
  • Perform testing to ensure security controls are implemented correctly and ensure the security of SEWS data
  • Perform testing of all upgrades to ensure cybersecurity compliance prior to installation of new equipment
  • Assess, remediate, mitigate, and document/track risks associated with cybersecurity vulnerabilities
  • Perform Security Impact Assessments on all system changes and events to identify and document any impacts to cybersecurity
  • Validate systems are configured securely as part of testing initiatives
What we offer
  • medical, dental, and vision coverage
  • generous 401k matching
  • employee stock purchase program
  • life insurance options
  • time off with pay
Employment type: Full-time