
Threat Intelligence & Incident Response Lead

United Kingdom, Manchester · Job Posted July 03, 2026

Job Description

The Threat Intelligence & Incident Response Lead shapes ANS’ proactive cyber defence through intelligence-led operations, incident response, threat hunting, and CTEM. You’ll lead threat intelligence and incident response within the SOC, turning emerging threats and customer risk into actionable detection and response. Combining hands-on expertise with technical leadership, you’ll drive the evolution of MDR and proactive security services, while collaborating across Security teams, customers, and partners to strengthen overall capability.

Job Responsibility

  • Lead and mature threat intelligence, embedding it across detection, investigation, hunting, and protection
  • Research emerging threats, adversary tactics, and vulnerabilities relevant to customers
  • Translate intelligence into actionable detections, automation, and security improvements
  • Produce customer and internal threat advisories
  • Identify emerging risks across sectors and technologies
  • Align with frameworks (e.g. MITRE ATT&CK)
  • Partner with Engineering and SOC to improve detection and response
  • Lead technical response for high-priority incidents (P1/P2)
  • Own and enhance incident readiness, playbooks, and processes
  • Drive post-incident reviews and continuous improvement
  • Embed threat-informed improvements into detections and response
  • Support containment, eradication, and recovery activities
  • Coordinate escalations, including external IR and forensics
  • Lead incident response exercises
  • Mature CTEM through threat-informed risk and exposure prioritisation
  • Correlate vulnerabilities and telemetry with threat intelligence
  • Support exposure validation, security reviews, and testing
  • Provide recommendations to reduce risk and improve resilience
  • Support proactive security improvements across services
  • Develop hypothesis-led threat hunting aligned to threat landscape and risk
  • Lead proactive hunts using telemetry, intelligence, and IoCs
  • Collaborate to identify suspicious activity and attack patterns
  • Turn hunt outcomes into improved detections and response
  • Optimise detection through tuning and gap identification
  • Enhance ATT&CK-aligned detection coverage
  • Provide technical leadership across SOC activities
  • Mentor analysts through coaching and knowledge sharing
  • Drive maturity across IR, hunting, intelligence, and detection
  • Develop standards, documentation, and playbooks
  • Act as escalation point for complex investigations
  • Support service and capability development
  • Support customer discussions on incidents, threats, and risk
  • Present technical findings in clear business terms
  • Contribute to service improvement and maturity discussions
  • Partner with Customer Success, Service Owners, and Pre-Sales to align services

Requirements

  • Experience in one or more of: SOC, MDR or MSSP environments
  • Threat intelligence and adversary analysis
  • Incident response and cyber coordination
  • Threat hunting and proactive investigations
  • Detection engineering and alert tuning
  • SOAR / security automation
  • CTEM, vulnerability prioritisation or exposure management
  • Cloud and identity security (Microsoft / multi-cloud)

Strong understanding of:

  • SIEM/SOAR platforms (e.g. Chronicle, Sentinel)
  • Microsoft Defender ecosystem
  • MITRE ATT&CK framework
  • IoCs and threat actor behaviour
  • Security telemetry and investigation workflows
  • Incident response lifecycle and containment

Soft skills:

  • Strong communication and stakeholder engagement
  • Ability to translate technical concepts into business language
  • Calm, structured approach during incidents
  • Analytical and problem-solving mindset
  • Passion for cyber security and emerging threats
  • Collaborative and supportive technical leadership

What we offer

  • 25 days’ holiday, plus you can buy up to 5 more days
  • Birthday off
  • Extra celebration day
  • 5 days’ additional holiday in the year you get married
  • 5 volunteer days
  • Private health insurance
  • Pension contribution match
  • 4 x life assurance
  • Flexible working
  • Work from anywhere for up to 30 days per year
  • Maternity: 16 weeks’ full pay
  • Paternity: 3 weeks’ full pay
  • Adoption: 16 weeks’ full pay
  • Company social events
  • Electric car scheme
  • 12 days of personal growth development time


Similar jobs for Threat Intelligence & Incident Response Lead (8 matching positions)

Incident Response Lead - Global Security

The Incident Response (IR) Lead is accountable for leading and maturing the orga...
Location: Łódź, Poland; Stockholm, Sweden; London, United Kingdom
Salary: Not provided
Company: Arrive
Expiration date: Until further notice

Requirements
  • 10+ years of experience in cybersecurity, with significant hands-on involvement in Incident Response and Detection & Response functions
  • Demonstrated experience leading and managing IR or SOC teams in complex environments
  • Strong expertise in incident response methodologies, digital forensics, threat hunting, and attacker tactics, techniques, and procedures (TTPs)
  • Solid understanding of security technologies (EDR, SIEM, SOAR), network protocols, operating systems, and enterprise infrastructure
  • Proven ability to translate technical findings into business-relevant insights and communicate effectively with senior stakeholders
  • Experience developing and operationalizing playbooks, detection use cases, and response frameworks
  • Strong analytical and problem-solving capabilities, with attention to detail under pressure
  • Ability to lead in high-stress situations, make informed decisions quickly, and manage competing priorities
  • Experience fostering a high-performing team culture focused on collaboration, ownership, and continuous improvement
  • Excellent written and verbal communication skills, including experience delivering executive briefings
Job Responsibility
  • Own and lead the Incident Response function, including strategy, governance, and operational execution
  • Direct and optimize daily IR operations, ensuring efficient handling of security incidents, escalations, and threat hunting activities
  • Act as the central coordination point during major incidents, ensuring structured response, clear communication, and minimal business disruption
  • Design, maintain, and continuously improve incident response playbooks, workflows, and escalation procedures
  • Review and quality-assure investigations, ensuring consistency in analysis, evidence handling, and decision-making
  • Collaborate with internal teams and external partners to ensure seamless incident management
  • Lead, mentor, and develop the IR team, promoting technical excellence, accountability, and continuous learning
  • Support crisis management activities, including participation in tabletop exercises and real-world incident coordination
  • Ensure alignment with regulatory, legal, and compliance requirements related to incident response and breach handling
  • Drive integration between detection engineering, threat intelligence, and response to enhance overall security effectiveness
Employment type: Full-time

Gaming Principal, Cloud Threat Detection & Incident Response Engineer

We are seeking a Gaming Principal, Cloud Threat Detection & Incident Response En...
Location: United States, multiple locations
Salary: USD 139,900 - 274,800 per year
Company: Microsoft Corporation
Expiration date: Until further notice

Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience
Job Responsibility
  • Architect and drive Gaming’s cloud-first detection and response vision by integrating Azure, AWS, and GCP (Google Cloud Platform) native security services and telemetry sources into TDIR (Threat Detection, Investigation, and Response) workflows
  • Lead adoption and optimization of Microsoft Defender for Cloud, Sentinel, Entra ID security, Defender for Cloud Apps, and other cloud-native security controls
  • Establish standards and reference architectures for cloud telemetry ingestion, normalization, enrichment, and threat analytics across diverse studio environments
  • Build and maintain high-fidelity, cloud-native detections targeting threat actors across identity, SaaS, PaaS, IaaS, and Kubernetes environments
  • Develop behavioral detections leveraging KQL (Kusto Query Language), automation, analytics, and ML-assisted methodologies
  • Partner with threat intelligence to map adversary TTPs (Tactics, Techniques, and Procedures) to cloud control surfaces and turn insights into durable detection engineering roadmaps
  • Serve as principal technical authority during major cloud-related incidents, providing expert guidance on identity compromise, lateral movement, key/material theft, resource manipulation, and multi-cloud attack paths
  • Formalize standards for cloud investigations, including telemetry requirements, visibility gaps, and automated triage workflows
  • Drive post-incident cloud hardening by influencing product teams, studio engineering, and platform owners
  • Architect and implement automation for detection deployment, evidence collection, containment, and remediation using Azure Functions, Logic Apps, and modern SOAR patterns
Employment type: Full-time

Cybersecurity Incident Response Team Lead

The Cybersecurity Incident Response Team Lead is a leadership role responsible f...
Location: New York, United States
Salary: USD 150,000 - 185,000 per year
Company: Crédit Agricole
Expiration date: Until further notice

Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field
  • Minimum 10+ years of experience in information security or related field
  • Ability to analyze, prioritize, and manage security incidents effectively
  • Ability to align cyber risk initiatives with business objectives
  • Ability to ensure thorough documentation and clear communication of security operations activities
  • Proven track record of building and leading high performing teams
  • Expertise in navigating banking regulations
  • Strong knowledge with information security technologies such as SIEM, SOAR, EDR, NDR, etc.
  • Strong knowledge with leading security investigations
  • Deep understanding of frameworks such as NIST Cybersecurity Framework
Job Responsibility
  • Develop and execute a comprehensive security operations strategy aligned with the bank's risk appetite and business objectives
  • Provide thought leadership on emerging cyber risks and recommend proactive measures to mitigate them
  • Serve as a trusted advisor to executive leadership, management committees, and the board on cyber risk issues
  • Define, maintain, and report operational metrics to evaluate Security Operations program performance, effectiveness, and adherence with organizational and regulatory requirements
  • Direct and manage Americas Cyber Security Incident Response Team (CSIRT) to ensure timely monitoring, detection, and response to threats
  • Lead the development and execution of the bank’s incident response plan and associated playbooks
  • Coordinate responses to security incidents, ensuring minimal impact and quick recovery
  • Establish and maintain a threat intelligence program to proactively identify and respond to emerging threats
  • Evaluate, implement, and optimize security processes and technologies to enhance detection and response capabilities
  • Collaborate with IT and engineering teams to integrate security into systems and processes
Employment type: Full-time

Cybersecurity Incident Response Team Lead

The Cybersecurity Incident Response Team Lead is a leadership role responsible f...
Location: New York, United States
Salary: USD 150,000 - 185,000 per year
Company: Assessfirst
Expiration date: Until further notice

Requirements
  • Cybersecurity knowledge
  • Incident response
  • Regulatory compliance
  • Collaboration and teamwork
  • Training and development
Job Responsibility
  • Develop and execute a comprehensive security operations strategy aligned with the bank’s risk appetite and business objectives
  • Provide thought leadership on emerging cyber risks and recommend proactive measures to mitigate them
  • Serve as a trusted advisor to executive leadership, management committees, and the board on cyber risk issues
  • Define, maintain, and report operational metrics to evaluate Security Operations program performance, effectiveness, and adherence with organizational and regulatory requirements
  • Direct and manage Americas Cyber Security Incident Response Team (CSIRT) to ensure timely monitoring, detection, and response to threats
  • Lead the development and execution of the bank’s incident response plan and associated playbooks
  • Coordinate responses to security incidents, ensuring minimal impact and quick recovery
  • Establish and maintain a threat intelligence program to proactively identify and respond to emerging threats
  • Evaluate, implement, and optimize security processes and technologies to enhance detection and response capabilities
  • Collaborate with IT and engineering teams to integrate security into systems and processes
Employment type: Full-time

Incident Response Manager

As Incident Response Manager within our Security Operations team, you will perfo...
Location: Porto; Lisbon, Portugal
Salary: Not provided
Company: TUI
Expiration date: July 28, 2026

Requirements
  • You have experience practicing all technical, functional, and operational aspects of cyber security incident handling and response in an enterprise organization
  • Your ability to collect, analyze, and correlate cyber threat information enables you to manage incident response related to operating systems, servers, clouds, and relevant infrastructures
  • You bring strong knowledge of cyber incident handling standards, methodologies, and frameworks, along with Security Operations Centre platform technology such as SIEM, SOAR and CTI
  • You possess management skills for incident records, report writing and presentation with the ability to analyze and report security incidents to technical and non-technical stakeholders
  • Your communication skills, both written and verbal, enable you to influence information security and IT operations colleagues from around the world
  • You have solid understanding of cyber threats, Cyber Kill Chain, Attack and Defend Frameworks, along with knowledge of cyber security-related certifications, laws, regulations, and legislations
Job Responsibility
  • You'll contribute to the development, maintenance, and assessment of our Cyber Incident Response Plan while developing and implementing procedures related to incident handling
  • Identifying, analyzing, mitigating, and communicating cyber security incidents, you'll apply problem management to prevent incidents from reoccurring and measure detection and response effectiveness
  • We'll look to you to collect, analyze, and correlate cyber threat information from multiple sources, producing actionable intelligence for dissemination to stakeholders at tactical, operational, and strategic levels
  • Evaluating the resilience of cyber security controls, you'll adopt and develop incident handling testing techniques while establishing procedures for incident results analysis and reporting
  • Your role will involve cooperating with and supporting Security Operations Centres and Computer Security Incident Response Teams while documenting incident handling actions comprehensively
  • Working closely with the Cyber Security Operations Lead, information security colleagues, IT operations teams globally, and key personnel, you'll ensure reporting of security incidents according to applicable regulatory and legal frameworks
What we offer

  • Attractive remuneration
  • Discretionary bonus schemes
  • Generous travel benefits
  • Extensive health & well-being support
  • Flexible working
  • Dynamic working environment
  • Access to the TUI Learning Hub
  • Opportunities to work on global projects and teams
  • Local charity and sustainability initiatives like the TUI Care Foundation
Employment type: Full-time

Cyber Threat Intelligence Specialist

Join our mission to fight cybercrime and become a key member of our Threat Intel...
Location: Skopje, North Macedonia
Salary: Not provided
Company: Hornetsecurity
Expiration date: Until further notice

Requirements
  • Strong understanding of fundamental cybersecurity concepts, including the CIA triad (Confidentiality, Integrity, Availability), vulnerability management, Advanced Persistent Threats (APT), as well as security frameworks and standards such as NIST, ISO 27001 and MITRE ATT&CK
  • Advanced understanding of the tools, tactics, techniques and procedures (TTPs) used by threat actors, and the ability to identify behavioural or recurring patterns
  • Proficiency with threat intelligence platforms such as OpenCTI, MISP or ThreatConnect
  • Familiarity with programming and scripting languages (e.g., Python, PowerShell)
  • Proficiency in network protocols and packet analysis, with a deep understanding of TCP/IP, DNS, HTTP/HTTPS, and other relevant protocols
  • Proficiency in using SIEM solutions (e.g., Splunk, QRadar), and other security tools
  • Strong analytical and problem-solving skills to assess complex threat information
  • Excellent written and verbal communication skills to effectively convey threat intelligence to both technical and non-technical audiences
  • Ability to work collaboratively in a team environment and build strong relationships with stakeholders
  • Strong attention to detail to identify subtle indicators of compromise and emerging threats
Job Responsibility
  • Lead the management of Threat Intelligence within our CTI platform. Verify and ensure the accuracy and reliability of data within the platform
  • Develop and maintain threat intelligence processes and procedures
  • Continuously monitor and analyze Cyber Threat Intelligence from various sources including open-source intelligence, commercial feeds and internal data
  • Identify and assess potential threats and vulnerabilities to our clients
  • Provide actionable intelligence insights to support relevant teams for incident response
  • Evaluate and recommend new tools and technologies to improve threat intelligence capabilities
  • Produce detailed reports and briefings on cyber threats, trends and incidents for technical and non-technical stakeholders
  • Collaborate with internal and external cybersecurity associations on behalf of Hornetsecurity, representing the company at industry events and conferences
What we offer
  • Room for innovation and autonomy in a fast-growing international company
  • Temporary Employee Exchange Program – we provide the ability for you to work at our global office locations and explore the world (e.g. Berlin, Madrid, Malta, Montréal, Washington D.C.)
  • Flexible working hours and the option to work from home
  • Permanent contracts – we’re in it for the long haul and hope you are too!
  • Team events like Laser Tag, Office Movie Nights, Foodie Fridays and much more – let yourself be surprised!
  • FitKit subscription and private insurance for your health!
  • Referral Bonus: we pay 1500€ for each referral who is successfully hired by us!
Employment type: Full-time

Sr. Engineer, Cybersecurity - Threat Response

This role is essential for protecting digital assets and maintaining the integri...
Location: Bellevue, United States
Salary: USD 103,400 - 186,400 per year
Company: T-Mobile
Expiration date: Until further notice

Requirements
  • Bachelor's Degree plus 5 years of related work experience OR Advanced degree with 3 years of related experience. Acceptable areas of study include Computer Science or Information Technology. (required)
  • 4-7 years experience with security related software and/or business process design.
  • 4-7 years experience in technical project management and leading multi-functional solution design teams.
  • 4-7 years experience in network information security, including firewall policy design, SSL certificate management, and vulnerability analysis and mitigation.
  • Experience supporting cybersecurity operations, security investigations, or incident response activities.
  • Experience with enterprise security technologies and security monitoring platforms.
  • At least 18 years of age
  • Legally authorized to work in the United States
Job Responsibility
  • Conduct analysis of security alerts, incidents, and threat intelligence to identify potential risks and assess impact to systems and business operations.
  • Lead and support cybersecurity incident response activities, including detection, investigation, containment, eradication, recovery, and post-incident review.
  • Serve as Incident Commander during cybersecurity incidents, coordinating multi-functional response efforts, driving decision-making, managing communications, and ensuring timely resolution of security events.
  • Conduct proactive investigations to identify emerging threats, validate security controls, and improve detection and response capabilities.
  • Develop and implement response procedures and mitigation strategies to reduce organizational risk.
  • Collaborate with internal technology teams and business partners to investigate security events and drive remediation efforts.
  • Partner closely with network, cloud, infrastructure, and application teams to investigate security incidents impacting enterprise and telecommunications environments.
  • Document incident findings, root cause analysis, response actions, and lessons learned in accordance with company policies and regulatory requirements.
  • Communicate incident status, technical findings, and remediation recommendations to leadership and key collaborators.
  • Contribute to continuous improvement of detection and response capabilities through process enhancements, tuning opportunities, automation, and knowledge sharing.
What we offer
  • Competitive base salary
  • Annual stock grant
  • Employee stock purchase plan
  • 401(k)
  • Access to free, year-round money coaches
  • Medical, dental and vision insurance
  • Flexible spending account
  • Paid time off
  • Up to 12 paid holidays
  • Paid parental and family leave
Employment type: Full-time

Threat Intelligence Manager

Security represents the most critical priorities for our customers in a world aw...
Location: Redmond, United States
Salary: USD 165,600 - 296,400 per year
Company: Microsoft Corporation
Expiration date: Until further notice

Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • OR equivalent experience.
  • 3+ years people management experience.
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role.
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Job Responsibility
  • Lead, coach, and grow a U.S.-based team of Threat Intelligence Security Analysts focused on tracking criminal threat actors, campaigns, infrastructure, and emerging trends.
  • Define the vision, strategy, and priorities for the team to deliver high-quality intelligence that drives customer protection and business impact.
  • Build and operationalize a hybrid human + agentic intelligence team, applying AI technologies, automation, and workflow innovation to improve scale, speed, and insight generation.
  • Foster an engineering-oriented culture that values technical depth, experimentation, continuous improvement, and measurable outcomes.
  • Partner across engineering, product, security research, detections, data science, and incident response teams to translate intelligence into protections, investigations, product improvements, and strategic decisions.
  • Drive production of clear, actionable intelligence outputs for technical teams, leadership, and external stakeholders, including actor assessments, campaign analysis, strategic reporting, and executive briefings.
  • Establish and maintain analytic standards, tradecraft, quality controls, and operating mechanisms for the team.
  • Develop trusted relationships across the intelligence community, including industry partners, external organizations, and agencies engaged in tracking criminal threat actors.
  • Represent Microsoft through customer engagements, industry forums, and presentations at security conferences and other external events.
  • Hire and develop diverse talent, build an inclusive and high-performing team culture, and create an environment where analysts can do their best work.
Employment type: Full-time